Does the Regulator Withhold Important Disclosures?

Status
Not open for further replies.

DigitalBits

Jul 10, 2023
”Regulation”




Just two weeks before a cybersecurity breach, the U.S. Securities and Exchange Commission (SEC) was alerted to critical flaws in its cybersecurity defenses. The warning came in a report by the Office of Inspector General (OIG) detailing the SEC’s inadequacies in maintaining strong security measures for digital assets.

The report, published by Cotton & Company Assurance and Advisory, emphasized the need to improve various security protocols, including vulnerability management and immediate risk assessment.


🚨 NEW: Remember @SECGov X hack from January 9th? The agency’s last update on Jan. 22 said it was working with several outside agencies, including the Office of Inspector General and the FBI, on the incident.

But it looks like in 2023 the SEC OIG will have a…

— Eleanor Terrett (@EleanorTerrett) May 6, 2024

According to the document, the SEC was advised to enhance its information security controls to include risk management, security training, and ongoing diagnostics. With these recommendations ignored, a breach occurred on January 9, when an unauthorized entity accessed the SEC’s X account and deceived the public with a false statement regarding Bitcoin ETF approval.

Details of the January SEC Hack


In addition to breaching the SEC’s communications, the cyberattack also had a significant monetary impact: reports claimed that the false announcement resulted in $90 million in market liquidations.

The incident involved a SIM-swapping attack, a technique in which attackers gain control of the victim’s phone number and evade security measures, including two-factor authentication, which the SEC had not implemented for that account.

Following the incident, the SEC announced that the breach was limited to social media and did not reach internal systems or data. The hackers’ point of entry was through the telecom operator rather than a direct compromise of the SEC’s digital infrastructure, the agency said.

Congressional Response and Calls for Responsibility



The breach sparked an immediate response from lawmakers, with Congresswoman Ann Wagner expressing concern about the impact of the hack. Describing the incident as a prime example of market manipulation, Wagner said she plans to ask SEC chairman Gary Gensler more questions about post-cyberattack governance and response.

The regulatory investigation has focused on the adequacy of the SEC’s response to the initial OIG report and on any inaction by the regulator, following the report, in addressing the vulnerability that led to the January hack.

SEC’s Ongoing Response


The SEC’s cybersecurity posture is expected to improve following the attack. The SEC says it continues to work on strengthening its information security programs.

However, details on how these improvements will be implemented are lacking; this points to issues with transparency and with the effectiveness of the SEC’s response to both the OIG report and the cyber incident in January.

The OIG’s timeline called for the SEC to submit its action plan within 45 days of receipt of the December report, a timeline that came just before the hack. This led to further investigations into the adequacy and timeliness of the SEC’s administrative actions and compliance with its cybersecurity recommendations.












Kelvin is a distinguished author specializing in crypto and finance, with a bachelor’s degree in Actuarial Science. Known for her sharp analysis and insightful content, she is fluent in English and specializes in comprehensive research and on-time delivery.





The content presented may contain the personal opinion of the author and is subject to market conditions. Do your market research before investing in cryptocurrencies. Neither the author nor the publication accepts any liability for your personal financial loss.







