The Securities and Exchange Commission has issued a Risk Alert warning about an increase in cybercrimes targeting financial professionals and institutions. The document, issued by the SEC’s Office of Compliance Inspections and Examinations (OCIE), says scammers have targeted “broker-dealers, investment advisers, and investment companies” and others in the financial services industry with phishing and ransomware attacks.
Ransomware is a type of malicious software, or malware, that lets a scammer gain unauthorized access to a computer system and lock the rightful owner out of it (or out of the data on it) until a ransom is paid. Phishing is one method cyber scammers use to deliver ransomware: it typically involves sending emails to legitimate users that entice them to click malicious links or open infected attachments.
OCIE recommends that financial professionals and companies protect themselves by following recommendations of the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), which include having:
- Response and resiliency policies, procedures and plans
- An operational resiliency plan to allow rapid restoration of critical systems
- Awareness and training programs
- Vulnerability scanning and patch management programs
- Access management systems and procedures
- Perimeter security able to control, monitor, and inspect all incoming and outgoing network traffic