SEC Introduces Initiatives for Cyber Threats and Retail Investors
Building on its Enforcement Division’s efforts to counter cyber-based threats and safeguard retail investors, the Securities and Exchange Commission (“SEC”) announced on September 25 the creation of the following two initiatives: Cyber Unit: Using the Enforcement Division’s cyber expertise, the new Cyber Unit will target misconduct concerning market manipulation schemes featuring false information distributed electronically and through social media; hacking to acquire private information; and violations related to distributed ledger technology and initial coin offerings. Retail Strategy Task Force: With the Enforcement Division experiencing long-term success at bringing cases such as the sale of unsuitable structured products and microcap pump-and-dump schemes, the Retail Strategy Task Force will create proactive,.
SEC Chairman Clayton Testifies on 2016 Cybersecurity Breach
After announcing on September 20 that the Securities and Exchange Commission’s (“SEC”) computers were breached last year, SEC Chairman Jay Clayton recently provided additional details on the cybersecurity intrusion to the Senate Committee on Banking, Housing and Urban Affairs. During his September 26 testimony, Clayton expressed his concerns over the 2016 breach involving the SEC’s Electronic Data Gathering And Retrieval filing system. He noted that the breach will cause many to pay close attention to the SEC’s approach to cybersecurity, and whether the agency is taking the proper steps to appropriately address its cyber risk. Clayton also reiterated that the SEC’s review and investigation of the matter are.
SEC Computers Compromised Last Year
Securities and Exchange Commission (“SEC”) Chairman Jay Clayton has announced that the agency’s computers were breached in 2016, possibly causing private information in its Electronic Data Gathering And Retrieval (“EDGAR”) filing system to be used for making illegal trades. In a statement issued on Wednesday, Clayton said an investigation is underway, but the SEC believes the security breach did not create unauthorized access to personally identifiable information, endanger the market regulator’s operations, or lead to systemic risk. Aside from stating that it detected the breach last year, the SEC has provided few details. The SEC did note that it realized.
AICPA Releases Cybersecurity Reporting Framework Criteria
In support of its proposed cybersecurity reporting framework, the American Institute of Certified Public Accountants (“AICPA”) has issued the following criteria: Description criteria for management’s description of an entity’s cybersecurity risk management program. 2017 trust services criteria for security, availability, processing integrity, confidentiality, and privacy. This month, the AICPA plans to publish a cybersecurity attestation guide to help CPAs report on cybersecurity examination engagements compliant with the AICPA attestation standards. Once the guide is published, the Center for Audit Quality will issue The CPA’s Role in Addressing Cybersecurity Risk: How the Auditing Profession Promotes Cybersecurity Resilience. The publication will offer.
Coastal Carolina Investigating Possible Phishing Scam
An investigation is underway to help Coastal Carolina University (“CCU”) recover money stolen through a possible phishing scam. The university discovered that scam artists masqueraded as vendors under contract with Coastal Carolina to pocket more than $1 million over two incidents. During the first incident, an individual claiming to be a vendor representative emailed CCU financial services and asked to change the vendor’s bank account information, and had around $839,000 wired to their account. Per the investigation, the scam artists are highly skilled and could be located in the U.S. and internationally.
Betrayed from Within: Cherry Bekaert Teams with IDentrix to Deliver Powerful Webinar
Some of the biggest security breaches of our time have come from “malicious insiders” – employees and/or subcontractors with proprietary access to highly sensitive or classified data who then share that data outside their organization. Think Edward Snowden and more recently Harold T. Martin III. However, insider security breaches can happen unintentionally, too. Think the Sony breach, which may have been caused by an employee unknowingly clicking on a link in an email. Unsurprisingly, turnout was high when Cherry Bekaert’s own Susan Moser, Partner, and Neal Beggan, Principal, teamed up with Raj Ananthanpillai, CEO of IDentrix, to deliver a webinar on insider.