Financial Crimes – A growing Epidemic
Some of you may have heard that there was a breach at the Securities and Exchange Commission (SEC) back in 2016. However, the impact of the breach is only recently being detailed. The hackers were able to breach the EDGAR system, which is used to transmit data related to company filings. Usually, a company would send “dummy” information for testing. However, some companies used real data during testing, and it was stolen. The breach was discovered when the SEC’s monitoring noticed anomalous activity in the form of suspicious trades that could only be based on data that was not yet made public. This caused the SEC’s IT office to investigate. Their investigation found that the data stolen in the 2016 breach was being used to make trades on the stock market.
What lessons can we learn from this breach?
- As a company, the more personal information you hold, the more likely you are to be breached.
- Stolen data can have a long shelf life.
- Being in compliance with your applicable regulatory body does not mean you are secure.
Now, you may be asking yourself: if an organization like the SEC can be breached, then what could you possibly do to protect yourself? The answer is simple, but the “how” can be difficult. Here are a few thoughts:
Be Diligent – Don’t try to invest in cybersecurity in big chunks; invest in it over time and continuously. This will give you an opportunity to measure the success of your mitigations before investing in them. It will also allow you to be more agile if changes in your mitigation strategy need to be made.
Technology alone is not the answer – You must invest in people and processes. In the case where you can’t afford to hire full-time security professionals or you don’t have the in-house expertise to appropriately address your processes, then look to a service provider who specializes in Cybersecurity solutions and training. Allow the service provider to supplement your capabilities until you are ready to handle your security efforts on your own.
Prevention is not the only answer – In today’s world, it is almost inevitable that you are or will be breached. With that thought in mind, it is time to start focusing on your response. This means you need to ensure that you have a well-thought-out and tested incident detection and response plan. It is more important to keep your data from leaving your network than it is to keep hackers out. If the hacker is in your network and they can’t figure out a way to exfiltrate the data, then what have you lost?
If your company would like some help in Cybersecurity strategy and vulnerability management, CarTek Consulting is here to help.
Visit our website, www.cartekconsulting.com, and sign up for our free cybersecurity assessment today.
The CarTek Consulting Family