New threats present cybersecurity risks for financial services firms

The U.S. Securities and Exchange Commission (SEC) still has work to do to bolster its cybersecurity, according to a new report from the U.S. Government Accountability Office (GAO).

The U.S. government watchdog issued a report concluding that, while the SEC has improved its controls over key financial systems and information since a 2015 audit, it has not fully implemented 11 of the GAO’s 58 recommendations.

Those yet-to-be implemented recommendations include “consistently protecting its network boundaries from possible intrusions, identifying and authenticating users, authorizing access to resources, auditing and monitoring actions taken on its systems and network, [and] encrypting sensitive information while in transmission,” the report states.

In addition, the GAO’s latest review of the securities regulator identified 15 new control deficiencies that it says limit the effectiveness of the SEC’s controls for protecting the confidentiality, integrity and availability of its information systems.

The GAO says the deficiencies don’t represent a material weakness for the agency, but they do deserve the attention of SEC management. It warns that until the SEC deals with these deficiencies, “its financial and support systems, and the information they contain, will continue to be at unnecessary risk of compromise.”

Photo copyright: beebright/123RF