October 20, 2020

Volume X, Number 294

October 19, 2020

Subscribe to Latest Legal News and Analysis

SEC Issues Warning for Advisors and Broker-Dealers on Increased Ransomware Attacks

On July 10, 2020, the Securities and Exchange Commission, through its Office of Compliance Inspections and Examinations (OCIE), issued a warning to advisors and broker-dealers to “immediately” review their cybersecurity controls to prevent and respond to an increase in phishing campaigns and ransomware attacks.

The Risk Alert advises that the OCIE has “observed an apparent increase in sophistication of ransomware attacks on SEC registrants, which include broker-dealers, investment advisors, and investment companies….OCIE has observed ransomware attacks impacting service providers to registrants” and referred SEC registrants and other financial services providers to the Department of Homeland Security Infrastructure Security Agency’s (CISA) guidance published on June 30, 2020 warning of recent ransomware attacks.

OCIE encouraged SEC registrants and providers to share the CISA guidance with their vendors that have access to, collect, and maintain client assets and records for SEC registrants.

The OCIE Alert provides “observations to assist market participants in their consideration of how to enhance cybersecurity preparedness and operational resiliency to address ransomware attacks. We have observed registrants utilizing the following measures:”

  • Incident response and resiliency policies, procedures and plans
  • Operational resiliency
  • Awareness and training programs
  • Vulnerability scanning and patch management
  • Access management
  • Perimeter security

All of these observations are basic cyber hygiene and are a timely reminder in the wake of a continued rise in ransomware attacks.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume X, Number 197

TRENDING LEGAL ANALYSIS


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353