June 7, 2020


SEC Issues Risk Alert in Response to WannaCry Ransomware Attack

On May 17, the Securities and Exchange Commission Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert in response to the widespread ransomware attack known as WannaCry, WCry, or Wanna Decryptor that started on May 12. The attack infected computers and servers of various organizations in more than 100 countries. The Risk Alert encourages broker-dealers and investment management firms (collectively, “Firms”) to review the May 12 alert published by the US Department of Homeland Security’s Computer Emergency Readiness Team and evaluate whether applicable patches for their operating systems are properly and timely installed.

The Risk Alert also references OCIE’s recently conducted examination of 75 SEC-registered Firms to assess industry practices and legal, regulatory and compliance issues related to cybersecurity practices. The OCIE examination found that 26 percent of investment advisers did not conduct periodic risk assessments of critical systems, and 57 percent of investment management firms did not conduct penetration tests and vulnerability scans on critical systems. In addition, a much smaller number of Firms had a significant number of critical and high-risk security patches that were missing important updates. The Risk Alert indicates that in addressing cybersecurity risks and preparedness, Firms should consider (1) implementing periodic cybersecurity risk assessments and a process for ensuring the regular installation of software patches; and (2) conducting penetration tests and vulnerability scans.

The US Department of Homeland Security’s alert is available here.

The SEC Risk Alert is available here.

©2020 Katten Muchin Rosenman LLP


About this Author

David Y. Dickstein, Financial Services Lawyer, Katten Muchin Law Firm

David Dickstein represents broker-dealers, investment advisers, investment companies and hedge funds in connection with a variety of regulatory, compliance and operational matters. David regularly counsels investment advisers on registration and regulatory matters, such as the need for registration, conflict of interest disclosures, soft dollars and best execution, firm advertising and marketing, federal and state pay-to-play matters, trade allocations and personal trading. He also advises broker-dealers on registration and ongoing compliance matters, mutual fund supermarkets...

Gregory Uffner, Financial Services Attorney, Katten Law Firm

Gregory Uffner is an associate in the Financial Services practice. 

While in law school, Gregory was an associate editor for the Moot Court Board, a member of the Fordham Urban Law Journal and served as managing editor for the Fordham Sports Law Forum.