SEC told to improve cyber attack defences

The Securities and Exchange Commission (SEC) must do more to improve its defences against cyber attacks, says the US Government Accountability Office (GAO).

  12 Be the first to comment

SEC told to improve cyber attack defences

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Wall Street's top regulator is failing to consistently protect its network boundaries, authenticate users and encrypt sensitive information while in transmission, says the GAO in its report.

The report says that the SEC has resolved 47 of 58 recommendations made by the GAO in a 2015 audit but is still falling short in several areas such as authorising access to resources and auditing and monitoring actions taken on its systems and network.

In addition, the report finds another 15 new "control deficiencies" that are holding back the SEC's ability to protect itself. Among these are a failure to consistently control logical access to financial and general support systems and using unsupported software to process financial data.

These weaknesses exist, in part, because the SEC did not fully implement key elements of its information security programme, says the GAO. For example, the watchdog did not maintain up-to-date network diagrams and asset inventories in its system security plans for its general support system and its key financial system application.

The report says that while the issues it has found do not constitute a "material weakness or significant deficiency", they warrant SEC management attention, prompting another 26 recommendations.

"Until SEC mitigates these deficiencies, its financial and support systems and the information they contain will continue to be at unnecessary risk of compromise," says the GAO.

The SEC has concurred with the recommendations.

Sponsored [On-Demand Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates

Comments: (0)

[On-Demand Webinar] PREDICT 2025: The Future of AI in the USFinextra Promoted[On-Demand Webinar] PREDICT 2025: The Future of AI in the US