The IIROC’s focus on cybersecurity isn’t that new either. In a dedicated corner of the SRO website, it offers a wealth of information that will help members adequately prepare and respond to digital threats. This includes a collection of guides and resources to help dealers and their customers protect themselves. The earliest were released in December 2015.
“I think it’s important to put in context that cybersecurity risks have been a major focus for a number of years. It’s not just a new phenomenon, “said Irene Winel, Senior Vice President of Member Regulation and Strategy, in an interview with Wealth Professional. “However, with increasing digitalization, an increasing flow of digital assets, and all types of people working from home as a result of the pandemic, these risks have certainly increased in our industry as well as in other industries around the world.”
Winel declined to provide concrete metrics on how much the cyber risk threat has increased in the investment industry, but previous communications from the IIROC indicate hotspots of malicious activity. In March, it issued a notice outlining the steps businesses could take to prevent, detect, and respond to ransomware attacks. Another announcement last June focused on cloud services and application interfaces, which are increasingly being targeted by cyber attackers who are able to identify and exploit specific vulnerabilities.
Describing the past year as a “test of corporate resilience,” Winel said companies have carefully crafted business continuity plans even as they have made arrangements to work from home due to the pandemic. She also stressed the need for organizations to improve their security, learn more about emerging threats, and conduct much-needed organizational readiness tests.
“The IIROC’s focus has been over the years and continues to support the smaller and independent businesses that may not have the benefit of being part of larger integrated institutions and all of their associated resources,” she added.