Tag Archives: cyber risks

Ransomware: A Crippling and Ever-Present Threat

Ransomware continues to cast a long shadow, dominating the cyberthreat landscape for small and medium-sized businesses (SMBs), according to a recent report from Datto.

Ransomware was the most common cyberattack experienced by SMBs in 2018, with companies facing these attacks more than viruses or spyware.

Datto’s Report

The report surveyed 2,400 managed service providers (MSPs) that provide IT support for roughly half a million SMBs worldwide. It found that ransomware attacks occur frequently and are, unsurprisingly, expected to increase.

More than 55% of those surveyed said their clients experienced a ransomware attack in the first six months of 2018, and 35% said their clients were attacked multiple times – often in the same day. 92% of MSPs said they predict the number of attacks will continue at current or increased rates. Continue reading Ransomware: A Crippling and Ever-Present Threat

SEC Issues Cybersecurity Guidance

The Securities and Exchange Commission’s (SEC) Division of Investment Management issued IM Guidance Update No. 2015-02 highlighting security practices that investment companies should consider in addressing cyber risks. The guidance focuses on several factors in addressing cyber risks (among others):

  1. Conducting periodic assessments of the nature and location of information, internal and external cyber threats, controls and processes in place, the impact of a system compromise, and the management’s effectiveness in the governance of cyber risk.
  2. Creating a strategy to prevent, detect, and respond to cyber threats.
  3. Implementing the strategy through policies and procedures.

According to the guidance, “funds and advisers should identify their respective compliance
obligations under the federal securities laws and take into account these obligations
when assessing their ability to prevent, detect and respond to cyber attacks. Funds and
advisers could also mitigate exposure to any compliance risk associated with cyber
threats through compliance policies and procedures that are reasonably designed to
prevent violations of the federal securities laws.”