(Commonwealth Union) _ According to Richard Best, director of the SEC’s examinations division, businesses of all sizes are at risk from internet assaults. “Cybersecurity threats are going to continue to be a persistent and growing menace, not only to investors but to financial institutions and the very fabric of our markets,” he said. Best made this statement at the ComplyConnect conference in Austin, Texas. “The last 12 to 24 months have just been a really busy time,” he added. Cybercriminals are just as motivated to break down the gates of big corporations as they are to assault a small brokerage or advice company.
Organizations of all sizes must protect their systems, have a strategy to deal with any infiltrations, and go back to business as usual, according to Best. “The days of safety via concealment are gone. Simply because you don’t work for a major multinational. Earlier this year, the Securities and Exchange Commission put up a cybersecurity regulation for investment advisors. A lot of advisors and groups that support them have protested the measure for requiring a 48-hour reporting window for cyberattacks, which they claim would be challenging to comply.”
Best didn’t discuss the suggestion, but he did list a few cyber flaws the agency had come across over the years in assessments. They consist of not having cybersecurity rules and procedures in place or not adhering to them, permitting too many multifactor authentication exceptions, and not providing employee training. Lack of interest in cybersecurity among senior corporate leaders was another issue. The threats we perceive in this sector are numerous, according to Best. “We see that across all of our registrants. Because of the growing interconnection in this field, it is crucial to pay attention to these hazards.”
In addition to addressing internal cybersecurity rules and processes, advisors should evaluate their vendors’ vulnerabilities and take the likelihood of breaches connected to natural catastrophes and remote work into account. Better than cleaning up after a cyber disaster, like a ransomware assault, is anticipating and preparing for it, according to SEC’s examinations division director.
