SEC alerts advisers on WannaCry ransomware cyberattacks

Regulator stresses vulnerability testing and timely system upgrades.
MAY 17, 2017

The Securities and Exchange Commission staff issued a cybersecurity alert to broker-dealers, advisers and investment funds Wednesday in the wake of the pervasive ransomware cyberattack over the past five days known as "WannaCry." The alert from the Office of Compliance Inspections and Examinations emphasized the importance of firms conducting penetration tests and vulnerability scans on critical systems and stressed the necessity of upgrading systems on a timely basis. The ransomware attack that was unleashed last week was especially damaging because it had a mechanism to spread through networks, looking to infect other computers that hadn't been updated to stop the worm. The regulator said it doesn't expect firms to anticipate and prevent every cyberstrike, but it highlighted the importance of thinking about these issues in advance of an incident. (More: Cyberattack should prompt advisers to ask their IT professionals hard questions) "Appropriate planning to address cybersecurity issues, including developing a rapid response capability, is important and may assist firms in mitigating the impact of any such attacks and any related effects on investors and clients," the alert said. WannaCry infects computers with malicious software that encrypts users' files and demands payment to regain access to the data. The ransomware attack hit more than 200,000 computers in 150 countries in recent days. (More: Online security ETFs surge in face of cyberattacks) The SEC staff alert said a recent OCIE examination of 75 firms found that 5% of broker-dealers and 26% of advisers and investment funds did not conduct periodic risk assessments of critical systems to uncover vulnerabilities, potential business consequences and other cybersecurity threats. The alert also recommended firms review the U.S. Department of Homeland Security's Computer Emergency Readiness Team's warning about cybersecurity actions firms might want to consider in reaction to the latest ransomware incident.

Latest News

Why fixed income still belongs in your clients' portfolios
Why fixed income still belongs in your clients' portfolios

In an era of AI euphoria and market FOMO, getting back to basics with fixed income may be the most contrarian and most important move advisors can make.

Voya expands advisor managed accounts to add private market assets
Voya expands advisor managed accounts to add private market assets

Voya Financial adds private equity, credit and real estate options to its AMA program, building on support for looser federal investment rules in retirement accounts.

With executives leaving, Osaic’s Reid now in the spotlight
With executives leaving, Osaic’s Reid now in the spotlight

Shannon Reid, president of Osaic and the network’s number two executive, has plenty of challenges, industry executives said.

Investors sue crypto fund and platform, alleging $1.5 million never returned
Investors sue crypto fund and platform, alleging $1.5 million never returned

Auditors flagged the commingling. The COO allegedly knew. Investors kept getting the pitch

Wells Fargo nabs $1.7B RBC advisor team, loses two teams to LPL
Wells Fargo nabs $1.7B RBC advisor team, loses two teams to LPL

The advisors on the move include two brothers leading a family practice in Connecticut, and a husband-and-wife tandem working with business owners in the West Coast.

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.