The recent CrowdStrike incident took many industries by surprise and highlighted the importance of cybersecurity for wealth management firms at a time when the SEC is focused on cybersecurity regulations. To help analyze the impact of the Crowdstrike shutdown on the wealth management industry, FusionIQ’s Information Security Officer, John Messinger, was asked to share his insights on the event and outline how wealth management firms can prevent similar situations from occurring in the future.
John Messinger, Information Security Officer, FusionIQ:
The July CrowdStrike incident underscores significant cybersecurity concerns for wealth management firms, particularly concerning the interconnectivity and dependencies within their technology infrastructure. This event is a stark reminder of the potential risks associated with relying heavily on single vendors or systems. The impact, although not malicious, highlights the necessity for robust contingency plans and diversified security measures that are architected with disaster recovery as a key requirement.
Many lessons can be learned from this event, including the importance of comprehensive testing protocols and staged rollouts for updates and patches to prevent widespread disruptions. Wealth management firms should prioritize a well-defined incident response plan incorporating more than just threats and exploits, with a system architecture emphasizing a disaster recovery capability incorporating automation. Automation is crucial in maintaining the availability of key systems and functions at scale, ensuring swift recovery with minimal manual intervention.
To mitigate similar incidents, firms should invest in regular assessments of their vendors, audit their incident response plans, incorporate continuous monitoring, and deploy disaster recovery solutions that leverage automated processes. These measures will enhance resilience and ensure that disruptions are swiftly addressed, minimizing the impact on operations and client data, safeguarding the firm’s reputation and client trust.