The announcement, from an SEC Commissioner, came in the form of a single paragraph. And it offered no details beyond the fact the SEC had recently discovered that its Electronic Data Gathering, Analysis, and Retrieval system, commonly called EDGAR, was hacked in 2016.
What are the ramifications? What kind of risk does this pose for insider trading and the like? The statement simply says the Commission is looking into those things.
That's where a just issued and much longer statement on cybersecurity at the SEC comes in. While not drawing any conclusions around the 2016 hack, it spells out the possible consequences of any breach:
"...with respect to our EDGAR system, we face the risks of cyber threat actors attempting to compromise the credentials of authorized users, gain unauthorized access to filings data, place fraudulent filings on the system, and prevent the public from accessing our system through denial of service attacks. We also face the risks of actors attempting to access nonpublic data relating to our oversight of, or enforcement actions against, market participants, which could then be used to obtain illicit trading profits."
The statement on cybersecurity by SEC Chairman Jay Clayton is an interesting read. It touches on insider threats, third-party security and spells out the Commission's overall approach to cybersecurity as it relates to the business.
In other words, it hits on the topics SecureWorld Advisory Council members tell us are crucial to their efforts right now.
