SEC Breach Calls for Broader Use of Encryption

September 27th, 2017 by admin Leave a reply »

U.S. Securities and Exchange Commission (SEC) chairman Jay Clayton recently mentioned that software vulnerability in its Electronic Data Gathering, Analysis and Retrieval (EDGAR) system “was exploited and resulted in access to nonpublic information”.

He added it “may have provided the basis for illicit gain through trading.”

Hackers gain access to the system last year but till August 2017 commission determined that the data may have been available for illegal trading.

AsTech Consulting chief security strategist Nathan Wenzler mentioned that hackers can sell non-sensitive data as well. “Many of them are looking for specific types of information which they can leverage as an advantage in business deals, stock trades, investments and other financial activities for huge profits,” he said.

Wenzler added, “It’s imperative that monitoring and detection for the inappropriate use of this kind of data be a standard layer of defense for organizations right alongside patching vulnerabilities, encrypting data and enforcing strong access controls.”

Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies mentioned that the hackers may have been inspired by other data breach. ”Protecting information that will be made public but has to remain private for some period of time is very difficult to govern,” he said.

“This is not an area most organizations have shown competence in, and for any publicly traded company it is an area that they must be proficient in — but until then, expect this will not be the last such insider trading hack,” he said.

Jason Hart, vice president and CTO for data protection at Gemalto mentioned that stopping such threats is unrealistic goal “A better starting point is for organizations to truly know what they are trying to protect and then putting the right safeguards like encryption in place,” he said. “Of the 1.9 billion data records compromised worldwide in the first half of 2017, less than 1 percent used encryption to render the information useless.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Leave a Reply