The North American Securities Administrators Association is mulling a model cybersecurity rule for investment advisors and is currently developing cyber guidance and a “checklist” for small advisory firms to use to assess their cyber preparedness.

“Cybersecurity is a growing challenge for the securities industry and for securities regulators at all levels,” Mike Rothman, NASAA president and Minnesota commissioner of commerce, said Friday at NASAA’s Cybersecurity Roundtable in Washington. “No securities firm or investment advisor of any size can afford the loss in client trust — much less financial losses — that will result from a serious cybersecurity failure. And no investor should have his or her personal information compromised or hard-earned money stolen.”

Rothman said that information gleaned through NASAA’s “cybersecurity module,” developed for state securities examiners’ coordinated advisor exam programs, “will help inform our consideration of a possible model cybersecurity rule for investment advisors.”

Catherine Jones, who heads NASAA’s Investment Adviser Section and its Cybersecurity and Technology Project Group and who spoke on a panel at the conference, said that the checklist will provide smaller advisors “with questions to ask themselves to do a risk assessment.”

State advisors “need education on cybersecurity issues,” Jones said. “Along with the checklist, we will be creating some guidance for the state IAs.”

NASAA also provides a resource document to help state examiners brush up on cyber issues.

Jones noted that three states — New York, Vermont and Colorado — currently have cyber regs in place.

Cyberattacks “have become increasingly sophisticated and widespread,” Rothman said.

In 2016, Rothman continued, “the number of U.S. data breaches reached an all-time high of 1,093 reported to the Identity Theft Resource Center; that’s an increase of 40% over the 780 breaches reported in 2015.”

Data breaches will cost businesses over $8 trillion over the next five years, according to a recent Juniper report, Rothman added. The report also found that the number of personal data records stolen by cybercriminals will reach $2.8 billion this year and $5 billion in 2020.

Christopher Hetner, senior cybersecurity advisor to Securities and Exchange Commission Chairman Jay Clayton, stated at the NASAA event that the agency is “keenly focused” on cybersecurity issues as it views cybersecurity as a “persistent advanced threat.”

Some of the “attack factors” the SEC has noticed against registrants include “trying to trick advisors into sending money to other parties; others are designed to pilfer private information to then be repurposed for other means,” Hetner said. “We’ve seen an increase in ransomware as well, … systems and files will be disabled and trade operations” will be halted.

“The commission realizes the threat landscape continues to grow, so we’re focused on ensuring our internal systems, as well as our policies … continues to evolve.”

Hetner, also the cybersecurity lead for the Technology Control Program within the SEC’s Office of Compliance Inspections and Examinations, said the cyber team helps to inform rulemaking, exam activity, and from an enforcement perspective is “largely focused on illicit trading and violations to our rules and regulations.”

Jonathan Dean, supervisory special agent, cyber division and mission critical engagement unit at the FBI, who also spoke at the event, said that there are six types of cyberattacks:

Hacktivism — “Think activist,” he said, such as an “animal rights group trying to commit [a hack] in furtherance of political or societal ideology.”

Crime: “Straight-up criminals going after personal information for money — plain and simple”;

Insider: “Employees that are disgruntled”;

Espionage: Two forms — nation-state and economic

Terrorism: “They want to shut off the power grid, wreak havoc”;

Warfare: Military — going after the air traffic controllers; a foreign government attack, such as an attack on the U.S. election.

What’s the biggest scheme now? Business email compromise, Dean said, which “doesn’t get enough press.”


Melanie Waddell

Melanie is senior editor and Washington bureau chief of ThinkAdvisor. Her ThinkAdvisor coverage zeros in on how politics, policy, legislation and regulations affect the investment advisory space. Melanie’s coverage has been cited in various lawmakers’ reports, letters and bills, and in the Labor Department’s fiduciary rule in 2023. In 2019, Melanie received an Honorable Mention, Range of Work by a Single Author award from @Folio. Melanie joined Investment Advisor magazine as New York bureau chief in 2000. She has been a columnist since 2002. She started her career in Washington in 1994, covering financial issues at American Banker. Since 1997, Melanie has been covering investment-related issues, holding senior editorial positions at American Banker publications in both Washington and New York. Briefly, she was content chief for Internet Capital Group’s EFinancialWorld in New York and wrote freelance articles for Institutional Investor. Melanie holds a bachelor’s degree in English from Towson University. She interned at The Baltimore Sun and its suburban edition.