SEC Risk Alert - Ransomware Targets Investment Companies

by Joel Cahill

You know it's bad when your regulator issues a warning.

In this case, it's the Securities and Exchange Commission (SEC - not the football conference). The SEC oversees your stock broker, as well as investment companies.

The Office of Compliance Inspections and Examinations has also observed an apparent increase in sophistication of ransomware attacks on SEC registrants.

Cybercriminals are no dummies - they've even formed a cartel to enhance their attacks! They attack investment companies because that's where the money is. Hacker groups know they can extract more ransom from companies that have a reputation to uphold, regulators to appease or sensitive data protect.

In addition, OCIE has observed ransomware attacks impacting service providers to registrants.

To broaden the net, the attacks have spread to the vendors and partners of investment companies. Cybercriminal gangs know they can target smaller companies to hit their larger clients.

So what does the SEC instruct companies to do next?

  • Implement an incident response plan
  • Audit operational resiliency
  • Adopt security awareness training
  • Manage privileged access
  • Enhance network security

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

To get a quote, set up a call with our (non-pushy) team here!

For more, see the SEC Risk Alert here.
[https://www.sec.gov/files/Risk%20Alert%20-%20Ransomware.pdf]