The SEC Office of Compliance Inspections and Examinations (OCIE) has issued a Cybersecurity Ransomware Alert due to an apparent increase in sophistication of ransomware attacks on SEC registrants.
Recent reports indicate that one or more threat actors have orchestrated phishing and other campaigns designed to penetrate financial institution networks, gain access to internal resources, and deploy ransomware. Ransomware is malware that, once an unauthorized actor has gained access to an institution's systems, encrypts data or otherwise denies the institution use of those systems until a ransom is paid.
The perpetrators behind these attacks typically demand a ransom in exchange for restoring control of registrant systems and, increasingly, for not destroying or publicly leaking the customer data they have taken (that is, for preserving its integrity and/or confidentiality). In addition, OCIE has observed ransomware attacks impacting service providers to registrants, so a firm's exposure is not limited to its own network.
What should firms do to protect themselves?
To enhance cybersecurity protections and preparedness, the OCIE recommends implementing the following measures:
- Incident Response Policies, Procedures, Planning and Testing including Disaster Recovery
Assessing, testing, and periodically updating incident response and resiliency policies and procedures, such as contingency and disaster recovery plans
- Operational Resiliency
Determining which systems and processes are capable of being restored during a disruption so that business services can continue to be delivered.
- Cybersecurity Training & Awareness
Cybersecurity awareness training provides employees with information concerning cyber risks and responsibilities and heightens awareness of cyber threats such as ransomware.
- Vulnerability Scanning & Patch Management
Implementing proactive vulnerability and patch management programs that take into consideration current risks to the technology environment, and that are conducted frequently and consistently across the technology environment.
- Access Management & Risk Assessment
Configuring access controls so users operate with only those privileges necessary to accomplish their tasks.
- Perimeter Security
Perimeter security technologies include firewalls, intrusion detection systems, email security capabilities, and web proxy systems with content filtering.
- Geographic Separation of Back-up Data
Data should be backed up off-site in a secure location through a reputable data center. Because ransomware operators routinely seek out and encrypt or delete any backups they can reach, off-site copies should also be isolated from production credentials (offline or immutable), and restores should be tested periodically so the firm knows the backups are usable before they are needed.
- Work from Home Best Practices
This includes using a trusted virtual private network (VPN), which encrypts the connection between the remote worker and the firm's network and protects transmitted data from interception and tampering. The VPN gateway itself must be included in the firm's patch management program, since unpatched, internet-exposed remote access appliances are a common initial entry point for ransomware operators.
- Prohibit social media applications
There have been reports claiming that the social media application TikTok can read data on the device it is installed on and, according to some of those reports, upload data or additional apps to that device. Users should treat TikTok with the same caution as any other social platform (e.g., Facebook, Twitter). Such platforms have had security flaws that attackers have used to access data and install malware, so firms should prohibit or tightly restrict these applications on devices that access firm systems.
The SEC recognizes that there is no "one-size-fits-all" approach to cybersecurity. ACE IT Solutions believes that this principle applies to all businesses, regardless of industry.
ACE IT Solutions provides customized solutions to its clients while delivering institutional cybersecurity services to financial firms to help combat ransomware threats and meet the SEC’s requirements. Contact us at firstname.lastname@example.org or 646-558-5575 for more details about protecting your firm from ransomware.
Read the full SEC OCIE alert here: https://www.sec.gov/ocie/announcement/risk-alert-ransomware