News & Insights

SEC Provides Updates from Investigation of 2016 Cyber Intrusion

October 3, 2017

SEC Provides Updates from Investigation of 2016 Cyber Intrusion

WHAT HAPPENED?

On October 2, 2017, the SEC provided an update on its ongoing staff investigation of the 2016 cyber intrusion into the EDGAR system.  The SEC announced that the third party performing the intrusion acquired the names, birth dates and social security numbers of at least two individuals.  In response to this data breach, the SEC has stated that it will provide identity theft protection and monitoring services to the two affected individuals and any other individuals whose sensitive information may have been accessed.

THE SEC’s NEXT STEPS

Chairman Clayton has provided an update on steps the SEC will take to evaluate and improve the cybersecurity risk profile of its EDGAR system.    The SEC’s efforts will be organized into the following five key work streams:

  1. The Office of Inspector General’s examination of the 2016 EDGAR intrusion;
  2. The Division of Enforcement’s investigation into the 2016 EDGAR intrusion and its facilitation of potential illicit trading;
  3. An assessment and overall enhancement of the EDGAR system through various modernization efforts, such as the use of outside consultants focused on cybersecurity issues;
  4. A more generalized assessment and enhancement of the entire SEC’s cybersecurity risk profile, which will include the identification and evaluation of all systems holding market sensitive data or personally identifiable information; and
  5. The SEC’s internal assessment of the procedures taken in response to the 2016 EDGAR intrusion.

The SEC has supported these efforts through the immediate hiring of additional staff and outside technology consultants.  The SEC will utilize these additions to perform the following tasks:

  • Evaluate the types of data that is sent to the EDGAR system and whether it maintains adequate mechanisms for obtaining the data;
  • Assess the security systems, processes and controls implemented to protect all data received through EDGAR and other related systems used by the SEC;
  • Improve escalation protocols for cybersecurity threats to enhance agency-wide identification and awareness of potential cyber risks; and
  • Fortify the agency’s cybersecurity risk governance structure through establishing a management team consisting of cybersecurity experts.

WHAT DOES THIS MEAN FOR ME?

Chairman Clayton’s announcement reiterates the importance for firms to make cybersecurity a top priority of their compliance program.  Written cybersecurity policies and procedures should be implemented and periodically reviewed to ensure that all risks can be effectively identified.  Protocols should also be established for mitigating these risks if they were to occur.

Fairview® will continue to assist clients with updating their cybersecurity policies and procedures so that they are better prepared to address potential cybersecurity threats.  Please contact Fairview® if you have any questions or concerns about the SEC’s announcement and how it might apply to your firm.

Sources: https://www.sec.gov/news/press-release/2017-186

 

Click below to view General Filing Deadlines and SEC Holidays

Regulatory Calendar

Stay up to date on the latest industry news and resources.

Filter by Category

Filter by Topic

Fairview

Fairview has been providing streamlined solutions to providers in the financial services industry since 2005. We are part of ViewPoint Partners, our employee-owned parent company for both Fairview and FilePoint, which provides regulatory reporting solutions for registered investment companies.

©2024 Fairview® Investment Services, LLC. All rights reserved.

1330 St. Mary’s St.
Suite 400
Raleigh, NC 27605

info@fairviewinvest.com
919.706.4100
FAX: 800.770.9925