The recent cyberattacks across the globe have caused the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) to issue an alert and highlight certain best practices for firms to handle these ransomware attacks.
The OCIE staff based this guidance on its review of various firms, concluding that these firms should perform a cyber-risk assessment; conduct penetration and vulnerability tests; and maintain their software, including updates and patches where applicable. The OCIE staff found that many firms had deficiencies. Further, according to the OCIE staff, firms should develop contingency plans in case a cyberattack succeeds.
Finally, the securities industry is not immune from these cyberattacks, and firms need to take precautions. Essentially, this is no longer just a compliance issue but a firm-wide issue, and firm executives need to take notice, because the next time it happens your firm may not be so lucky.