How do we stay safe when the regulators are getting Hacked?
One of the major roadblocks in today’s business world is security. We are constantly trying to stay ahead of the “bad guys” by staying up on the newest technologies to keeps us safe. We even have regulations which, in theory, should keep us safe. But, what happens when those in charge of the regulations themselves get hacked? And, what happens when regulators aren’t following their own protocols?
In September of 2017, The Securities and Exchange Commission (SEC) revealed that it had been hacked in 2016 which led to accessed data which could have led to illegal profit. It was revealed by the SEC in a statement about cybersecurity in September of 2017 that the system known as EDGAR had a “software vulnerability” that was “exploited and resulted in access to nonpublic information.” It is now known that the SEC did know about the breach soon after it happened in 2016 and patched the compromised software. Unfortunately, the SEC chose not to report its findings until it was recognized that illegal profits potentially were made when the intruders had access to the database of millions of filings on corporate disclosures ranging from quarterly earnings to statements on mergers and acquisitions.
In July of 2017, months after the breach had been detected, a 27-page report was released by The Government Accountability Office which is a “congressional watchdog.” In this report, it was made clear that the infamous regulators of Wall Street did not always comply with their own enforced regulations. A few of these findings noted were; not always encrypting sensitive information, using unsupported software, failing to fully implement an intrusion detection system and making missteps in how it configured its firewalls. In addition to these blatant security faux pas the SEC also did not follow the rules they put in place for the securities industry requiring companies to disclose cybersecurity breaches to investors. This is extremely surprising as the SEC has personally investigated companies regarding their promptness in disclosing such matters.
What should we take away from this scary and disheartening situation? The regulations are obviously there for a reason and security is definitely not something to be trifled with! Security breaches can sadly happen to anyone although, if we enforce the reccomendations to the fullest extent, we hopefully can sleep well at night knowing we are doing all that we can to keep our data and our clients’ data as safe as possible! Luckily, there is team of security experts at Pendello Solutions that can help us navigate the path of security guidelines, regulations and recommendations. Give these knowledgeable guys a call today and they will make sure back-side is as covered as utterly possible.