Skip to main content
close search
site logo
Dive Brief

SEC ignored warnings from forensic tech unit 2 months before breach

Published Oct. 5, 2017
Samantha Schwartz's headshot
Samantha Schwartz Reporter

Dive Brief:

  • The U.S. Securities and Exchange Commission revealed a congressional memo in which its forensics investigative unit asked for more resources after finding "serious deficiencies" in equipment, reports Reuters. The memo was submitted two months prior to its 2016 data breach, but requests were never resolved. 
  • The Digital Forensics and Investigations Unit was formed in 2015 but lacked a "strategic vision," according to the memo. The forensic team was forced to repurpose hard drives after being told to "use equipment due for disposal." Its 2017 hardware budget needed about half a million dollars more for full functionality, according to the report.  
  • After the forensics team concluded there was insufficient cybersecurity training and communication failings with the SEC's Office of Information Technology, it alerted Carl Hoecker, the SEC's internal watchdog. Hoecker developed the forensic unit and ran the Office of the Inspector General, but the office did not learn of the intrusion until months afterwards. 

Dive Insight:

The SEC's filing software system, Electronic Data Gathering, Analysis and Retrieval (EDGAR), was infiltrated through a vulnerability despite administered patchwork. EDGAR houses about 50 million classified documents, and it is believed the intrusion may have led to "illicit gain through trading."

The revelation that an internal SEC tech team detected insufficiencies in its technical infrastructure before a devastating breach highlights the disconnect between security protocols and initiatives which reinforce them. It is clear the SEC's breach is not a matter of ignorance.

The SEC is not alone among federal agencies in its security mishaps. The Government Accountability Office (GAO) recently published its report on 24 various government agencies, which found the procurement of a security management program as a top shortcoming.

Cybersecurity mishaps are crippling public and private agencies. Although the SEC had a team equipped with knowledge of the agency's demands, many other organizations are not as lucky. Cybercrimes have increased about 62% over a five-year period, but about 60% of IT professionals say cybersecurity teams are understaffed or lacking the proper skill set. 

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Unanet Acquires GovPro AI to Enable Customers to Win More Business
From Unanet
November 22, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell