SEC alerts advisers on WannaCry ransomware cyberattacks

Regulator stresses vulnerability testing and timely system upgrades

May 17, 2017 @ 1:15 pm

By Liz Skinner

The Securities and Exchange Commission staff issued a cybersecurity alert to broker-dealers, advisers and investment funds Wednesday in the wake of the pervasive ransomware cyberattack over the past five days known as "WannaCry."

The alert from the Office of Compliance Inspections and Examinations emphasized the importance of firms conducting penetration tests and vulnerability scans on critical systems and stressed the necessity of upgrading systems on a timely basis.

The ransomware attack that was unleashed last week was especially damaging because it had a mechanism to spread through networks, looking to infect other computers that hadn't been updated to stop the worm.

The regulator said it doesn't expect firms to anticipate and prevent every cyberstrike, but it highlighted the importance of thinking about these issues in advance of an incident.

(More: Cyberattack should prompt advisers to ask their IT professionals hard questions)

"Appropriate planning to address cybersecurity issues, including developing a rapid response capability, is important and may assist firms in mitigating the impact of any such attacks and any related effects on investors and clients," the alert said.

WannaCry infects computers with malicious software that encrypts users' files and demands payment to regain access to the data. The ransomware attack hit more than 200,000 computers in 150 countries in recent days.

(More: Online security ETFs surge in face of cyberattacks)

The SEC staff alert said a recent OCIE examination of 75 firms found that 5% of broker-dealers and 26% of advisers and investment funds did not conduct periodic risk assessments of critical systems to uncover vulnerabilities, potential business consequences and other cybersecurity threats.

The alert also recommended firms review the U.S. Department of Homeland Security's Computer Emergency Readiness Team's warning about cybersecurity actions firms might want to consider in reaction to the latest ransomware incident.

0
Comments

What do you think?

View comments

Recommended for you

Sponsored financial news

Featured video

INTV

Advisers beware: tax law has unintended consequences

Commission accounts could be preferable for some clients, and advisers could be incentivized to move from employee broker-dealers to independent channels.

Recommended Video

Path to growth

Latest news & opinion

Lightyear Capital takes 50% stake in $9 billion HPM Partners

Private equity backing could fuel acquisitions by the large RIA.

Tax reform: 7 essential strategies for financial advisers

While advisers face the difficult task of analyzing the law's impact, they will also have a significant opportunity to prove their value by implementing money-saving strategies for clients as well as their own businesses.

Tax law: Everything advisers need to know about the pass-through provision

The provision is tricky, but could provide advisers and business-owner clients with sizable tax savings.

Bill requiring fiduciary disclosure reintroduced in New Jersey

Measures would obligate financial advisers to tell clients they do not have to act in their best interests.

Merrill Lynch to let advisers text with clients

Texting has been a popular mode of communication for years, but in the past the firm's regulations have prevented advisers from using it.

X

Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting investmentnews.com? It'll help us continue to serve you.

Yes, show me how to whitelist investmentnews.com

Ad blocker detected. Please whitelist us or give premium a try.

X

Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print