Financial advisory firms, like all businesses, got another rude wake-up call when hackers recently launched a widespread ransomware attack known as "WannaCry."
The hack was noteworthy for the speed and magnitude of its reach. In just a few days, more than 200,000 computers in 150 countries were sidelined. And while the impact in the U.S. was minimal, the attack shows the continued vulnerability of all computer users to hackers and underscores the need to stay one step ahead of those who would cause mischief or worse in our government, business and social institutions.
According to computer experts, one takeaway from the attack is that a lot of the damage could have been avoided had those exploited followed well-known precautions: updating operating systems and installing security patches. One commentator said the WannaCry attack highlights the underinvestment in cybersecurity, and that may be its lasting legacy.
The ransomware attack prompted the Securities and Exchange Commission to issue a risk alert last week to broker-dealers and advisory firms. As part of the alert, the SEC pointed out the findings of recent examinations of 75 firms on cybersecurity preparedness. The SEC found that B-Ds generally were doing a better job than advisory firms in this area. For example, only 5% of B-Ds examined did not conduct periodic risk assessments of critical systems to identify cybersecurity threats, vulnerabilities and business consequences, while 26% of advisers and funds failed to do so.
Along those same lines, the SEC found that only 5% of B-Ds failed to conduct penetration tests and vulnerability scans on critical systems, compared with 57% of advisers and funds.
The SEC's findings should not come as a surprise. B-Ds are generally larger and have more resources to devote to cybersecurity than advisory firms have. But that doesn't mean the threat is any less important for advisory firms. As the most recent ransomware attack made clear, everyone is susceptible. That being said, those that take precautions and remain vigilant with regular maintenance programs in place increase their chances of fending off such attacks.