SEC Calls Out Financial Sector for Poor Security
The US Securities and Exchange commission has called out the major trading exchanges and financial clearinghouses for being reckless in their cybersecurity postures.
SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C. that a recently concluded investigation showed that security policies that are in place fail to take into account the threat landscape as it is today.
“What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks,” she said, adding that SEC examiners are proactively assessing broker-dealers and investment advisors on their security implementations. “As we go out there now, we are pointing that out. We can’t do enough in this sector.”
A former member of the World Bank’s security team, Tom Kellermann (now CEO at investment firm Strategic Cyber Ventures), told Business Insider that her frankness is “a historic recognition of the systemic risk facing Wall Street.”
Dave Amsler, president and founder of Raytheon Foreground Security, told Infosecurity that the financial services industry cannot afford to ignore the warning.
“Financial services organizations feel increased pressure from stakeholders to bolster their cybersecurity posture as cybercriminals target their networks and regulatory challenges increase,” he said. “For cybercriminals, the business of money remains a prime target. When the malicious actors are more sophisticated groups or nation states, the risk escalates as they eye financial market manipulation or severe damage.”
This is playing out in real life: In February, a bug in SWIFT banking software was exploited to allow hackers to make off with $81 million from Bangladesh’s central bank.
He added, “The recent SWIFT heist demonstrates that financial institutions cannot afford to wait and react; they have to proactively hunt for these persistent and determined threats within their environments.”
Photo © g0d4ather/Shutterstock.com
Source: Information Security Magazine