July 21, 2017

SEC Issues Risk Alert in Response to WannaCry Ransomware Attack

On May 17, the Securities and Exchange Commission Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert in response to the widespread ransomware attack known as WannaCry, WCry, or Wanna Decryptor that started on May 12. The attack infected computers and servers of various organizations in more than 100 countries. The Risk Alert encourages broker-dealers and investment management firms (collectively, “Firms”) to review the May 12 alert published by the US Department of Homeland Security’s Computer Emergency Readiness Team and evaluate whether applicable patches for their operating systems are installed properly and in a timely manner.

The Risk Alert also references OCIE’s recently conducted examination of 75 SEC-registered Firms to assess industry practices and legal, regulatory and compliance issues related to cybersecurity practices. The OCIE examination found that 26 percent of investment advisers did not conduct periodic risk assessments of critical systems, and 57 percent of investment management firms did not conduct penetration tests and vulnerability scans on critical systems. In addition, a much smaller number of Firms had a significant number of critical and high-risk security patches that were missing important updates. The Risk Alert indicates that in addressing cybersecurity risks and preparedness, Firms should consider (1) implementing periodic cybersecurity risk assessments and a process for ensuring the regular installation of software patches; and (2) conducting penetration tests and vulnerability scans.

The US Department of Homeland Security’s alert is available here.

The SEC Risk Alert is available here.

©2017 Katten Muchin Rosenman LLP

About this Author

David Y. Dickstein, Financial Services Lawyer, Katten Muchin law firm
Partner

David Dickstein represents broker-dealers, investment advisers, investment companies and hedge funds in connection with a variety of regulatory, compliance and operational matters. David regularly counsels investment advisers on registration and regulatory matters, such as the need for registration, conflict of interest disclosures, soft dollars and best execution, firm advertising and marketing, federal and state pay-to-play matters, trade allocations and personal trading. He also advises broker-dealers on registration and ongoing compliance matters, mutual fund supermarkets...

212-940-8506