Hackers may have traded using stolen insider information, SEC admits


#1

Originally published at: https://boingboing.net/2017/09/21/sec-hacked.html


#2

With the Internet of Unsecured Things on the very near horizon, it might be a good time for some computer security standards and maybe some auditing and compliance efforts. And, you know, maybe some legislation to give it all some teeth. Because it’s not just cheap security cameras and dog bowl water level monitors.

Classically, the argument has been “to get their attention, hit them in the pocket book”. Maybe the financial sector is going to start feeling this pain. Experian, this, whatever is next…


#3

While I agree with what you’ve said, I’m not sure it’s entirely relevant. There’s no indication that this specific breach was a result of Internet of Shit devices, and the financial repercussions (in this case,) were not the result of targeting the pocketbooks.


#4

The IoUT begs for some standards for proper security. Even to the extent of legislation of such–but no one has the motivation to do anything about it.

The Congress and the Executive are full of financial industry people who would be hurt by security failings in the financial markets.

Could the recent security failings in the financial industry cause the financial industry people to push for a legislative or executive solution to the poor security?

There, I hope that connects the chain of logic better.


#5

They have some, problem is they are generally monitored by the auditors who are often in bed with their clients, particularly for large accounts so they may raise the issue but generally aren’t going to flag it or make enough waves to get a change made, at least with the current state of security and auditors in the US. Also, security risk is obscure enough that it isn’t going to prevent a “clean opinion”. I don’t think auditors are really equipped well to do it outside of the largest firms, and even then, they are far more financially oriented than security/ops oriented.

I don’t think we will see much change until there are strong ISO type certifications for levels of security and the shareholders demand (or govt enforces compliance) that those standards be met and maintained. Are there already ISO standards or what are the benchmarks for security? I don’t know.


#6

It does, thank you for clarifying. I’m not sure how legislation could help here though. In terms of poorly-secured connected devices, there’s such a variety of means of connection and data transferred that blanket device security legislation may be detrimental to functionality, (although in terms of some of the smaller companies with more egregious flaws and useless devices this may prove a benefit to the rest of us.)

That said though, as we often see, Congress seems less inclined to legislate impenetrable security to commercially available devices; their modus operandi seems to be security, AS LONG AS they can still arbitrarily access citizens’ devices in the name of security, which entirely defeats the purpose.

Third party apps may alleviate this with extra levels of encryption, but relying on centralized distributors creates a weak link should these distributors ever be compromised by attackers, potentially compounding the damage.

As much as I would like to see an appreciation of increased security and privacy in government, (I agree with everything you’ve said,) I doubt traction for security legislation that could actually make a difference could develop.


#7

The SEC is concerned about insider trading? That’s rich. Do they even have an enforcement arm?


#8

They do have an enforcement arm, and based on press releases they have started prosecuting two insider trading cases in the last two weeks, one of which is against the CEO of a Silicon Valley company.


#9

It also puts the agency under a spotlight over why the 2016 breach was not disclosed earlier. Securities industry rules require companies to disclose cyber breaches to investors and the SEC has investigated firms over whether they should have reported incidents sooner.

Do as I say, not as I do.


#10

Thank you for making it clear…


#11

That’s pretty awesome. Nobody’s brought this to the President’s attention yet, I take it.

