The Securities and Exchange Commission (SEC) was warned about its cybersecurity weaknesses two weeks before a January breach. In a tweet, the Office of the Inspector General (OIG) highlighted flaws in SEC cybersecurity practices, including vulnerability management and risk assessment.
The tweet also offers suggestions for improving information security controls through risk management and cybersecurity awareness training.
On January 9th, an unauthorized party hacked into the SEC’s social media network and falsely revealed to the public that a Bitcoin ETF had been approved. According to the report, this event resulted in losses of $90 million.
SEC’s Lack of Cyberattack Reporting Framework Raises Concerns
Because the SEC has not established an accountability framework that reports any cyberattacks to the public, there are concerns about the effectiveness of the commission’s cyber response and commitment to cybersecurity.
Aside from the SEC briefing on the security vulnerabilities identified by the OIG report, there has been no information on how security breaches will be handled.
It’s unclear whether the SEC will face any consequences for failing to act on past warnings.