The U.S. Securities and Exchange Commission (SEC) received warnings about its cybersecurity vulnerabilities two weeks before a cyberattack in January.
In a tweet, the Office of the Inspector General (OIG) noted shortcomings in SEC cybersecurity procedures; among the issues observed were vulnerability management and risk assessment.
The tweet also contains recommendations for strengthening information security controls through risk management and cybersecurity awareness training.
The SEC was subjected to a cyberattack on January 9th, when an unauthorized entity hacked into the agency’s social media platform and falsely announced to the public that a Bitcoin ETF had been approved. According to news reports, this event caused a total of $90 million in losses.
Apart from the SEC's briefing on the security vulnerabilities highlighted by the OIG report, no details have been given on how security breaches would be addressed.
Because the SEC has not created an accountability structure for reporting cyberattacks to the public, doubts have been cast on the effectiveness of the commission’s cyber response and its commitment to cybersecurity.
It remains unclear whether the SEC itself will face any consequences for failing to act on prior warnings.