The SEC’s CIO concurs with the findings of the Government Accountability Office and said some of the issues have either been resolved or will be in the immediate future.
The Government Accountability Office, a congressional watchdog, has stated Wall Street’s top regulator needs to significantly improve the way it protects its own computer networks from cyber-attacks.
The 27-page report found weaknesses in the way the Securities and Exchange Commission stores sensitive information, its use of unsupported software, its failure to implement an intrusion detection system (IDS), and several missteps in the configuration of its firewalls.
“Information security control deficiencies in the SEC computing environment may jeopardize the confidentiality, integrity, and availability of information residing in and processed by its systems,” said the GAO.
“Until SEC mitigates its control deficiencies, its financial and support systems and the information they contain will continue to be at unnecessary risk of compromise.”
Since the SEC is Wall Street’s top regulator, it houses a huge amount of confidential and sensitive information, which needs to be stored in encrypted form to safeguard against criminal acts, including identity theft, insider trading or harming U.S. equity markets.
The GAO report did credit the SEC for ramping up its defences, saying that of its 58 recommendations given in September 2016, 47 have been implemented so far.
In its latest review, the GAO report has identified 15 new control deficiencies, which include monitoring of its network devices, operating systems and databases, and maintaining an up-to-date diagram of its network schema.
The SEC’s Chief Information Officer, Pamela Dyson, concurred with the recommendations in her July 14 letter and stated that the agency has either fixed the issues or plans to fix them in the near future.