It’s sad to say, but sometimes major cybersecurity breaches are missed, swept away by a headline-grabbing event. In this case, it was the disclosure of a Securities & Exchange Commission data breach, overlooked due to the Equifax incident.
Cyber protection insurance can protect private businesses from similar incidents by addressing security gaps, recommending improvements and aiding the disclosure process.
Below we will look at the SEC breach, what the agency is doing to recover and what private businesses can learn from this occurrence.
Cyber Insecurity for the Securities & Exchange Commission
If you’re not familiar with the SEC, all you need to know is that it is charged with regulating U.S. markets. However, the aforementioned breach compromised that endeavor by potentially allowing hackers to trade on inside information. This is a big deal because it means that intruders were possibly able to unfairly game the stock exchange.
According to the SEC chairman Jay Clayton, the breach was first detected over a year ago, but it wasn’t until August 2017 that the commission learned it “may have provided the basis for illicit gain through trading.”
This incursion was made possible by exploiting a software vulnerability in the agency’s electronic data gathering, analysis and retrieval (EDGAR) system. This is the same digital system where companies submit their financial filings, making it a hot target for sophisticated cybercriminals.
Clayton went on to say that the security gap was patched swiftly after it was discovered.
“We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk,” he said.
Clayton has since been questioned by a Senate panel, which discussed, among other things, how the SEC is addressing the breach and how they would manage the fallout of the Equifax breach. The Washington Post reported that the SEC is hiring more cybersecurity professionals to assist in these efforts.
In a separate published statement, SEC commissioner Michael Piwowar said, “Effective management of internal cybersecurity risk is critical to the SEC achieving its mission and to protecting the nonpublic information that is entrusted to this agency.”
So, what exactly can small- and medium-sized businesses learn from the hacking of the SEC? First, it reveals that financial information is at the top of a hacker’s hit list. If your organization houses financial data on your clients or customers (and it probably does), then you’ll need to pay extra attention to protecting it.
It also reveals that software security gaps are a relatively easy way to infiltrate an otherwise powerful organization. Do your best to keep all your software solutions up to date with the latest patches.
Finally, it reminds private businesses to have a contingency plan in place. This way, disclosures can be carefully coordinated. Or as Clayton said, “One of the worries in a situation like this is that when you make a disclosure, other people try to test and probe.”
If you are ready to take your cyber protections seriously, it’s time to visit CyberPolicy for a free cyber insurance quote. It will be the smartest decision you make.