
Tag: hackers

SEC Warns Firms to Take Action Against Cyber-Frauds

 

The SEC has issued an investigative report that advises public companies to enhance internal accounting controls to prevent losses from cyber-related frauds. The SEC report describes frauds at 9 issuers that involved spoofing emails and false vendor invoices that resulted in significant losses when internal employees transferred funds to the wrongdoers. One of the companies made 14 wire payments, resulting in a loss of over $45 Million. Another paid 8 invoices totaling $1.5 Million. Although the SEC did not bring enforcement actions against these registrants, the SEC alleges that the companies violated their obligations to implement internal accounting controls sufficient to ensure transactions are only permitted with management’s authorization. In particular, the SEC advises companies to review and enhance their payment authorization and verification procedures and employee training. SEC Chairman Jay Clayton warned: “Cyber frauds are a pervasive, significant, and growing threat to all companies, including our public companies.”

OUR TAKE: You’ve been warned.  The SEC gave these 9 companies a pass, but we don’t expect the same treatment for future violators who should now take action to prevent spoofing and email cyber-frauds. 

Hackers Impersonated Reps to Gain Access to Client Info

A large BD/IA agreed to pay a $1 Million fine and retain an independent compliance consultant as a result of a third-party intrusion into its customer system. Outside hackers impersonated independent consultant registered representatives and tricked internal IT personnel into changing passwords over the phone. Although there was no unauthorized transfer of funds, the impersonators were able to access personally identifiable information of over 5000 customers. The SEC charges the firm with violating the Safeguards Rule and with failing to implement an effective Identity Theft Prevention Program. The SEC faults the firm for allowing outside contractors to use their own equipment, which often had security and encryption problems, and for failures to follow remote session termination procedures.

OUR TAKE:  This is the nightmare scenario for retail BD/IAs.  The desire to make life easier for the producing reps creates IT vulnerabilities exploited by bad actors.  Our recommendation is to retain an outside firm that can conduct an honest vulnerability assessment.