SEC Warned of Deficiencies Prior to Hack

October 12, 2017

Last month, the SEC (Securities and Exchange Commission) revealed the details of a hack into its systems. New details have emerged showing that, prior to the incident, its internal security team had officially complained about a lack of resources and funding for its department.


The Digital Forensics and Investigation Unit

The SEC’s Inspector General, Carl Hoecker, established the Digital Forensics and Investigation Unit in 2015. It was designed not only to improve the security of the SEC’s work but also to support the SEC’s investigative capabilities in criminal inquiries. Rather than enabling the unit to detect hacks and assist elsewhere, chronic underfunding would seem to have stopped threats within the SEC itself from being detected.

The memo came from the head of the Digital Forensics Unit and was directed at the Inspector General. It complained about underfunding, undertraining and second-hand equipment. The hardware budget was $100,000 for the 2017 fiscal year, which the memo estimated was half a million under what was really needed.

The memo’s writer said:

“Even though the [unit] has been in existence for over one year, there is no strategic vision and no clear objectives.”

Two months after the memo was delivered, the hack into the SEC’s systems took place.

Putting security first

For organizations, cyber security can no longer be an afterthought, and it can no longer be an independent department left to do its own thing in the corner. We obviously can’t make too big a claim about the exact inner workings of the SEC, but it’s an illustrative example. Creating a cyber security team and leaving them to get on with it is not the answer.

Cyber security needs to be given the same importance as any other department and integrated into organizations from top to bottom. Top leaders of organizations need to take an interest and take it seriously, establishing a culture of security right throughout the organization.