Article

Get Ready for Greater SEC Cyber Security Enforcement

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet1,014 viewsSign in to rate
SEC cyber security enforcement is set to intensify in light of recent global attacks and new enforcement chiefs Public companies and firms operating in regulated industries, especially finance, should expect more SEC cyber security enforcement in the wake of new and emerging threats, like WannaCry and NotPetya, as well as the appointment of two new cyber-minded enforcement chiefs. Reuters reports:On Thursday, the U.S. Securities and Exchange Commission named Stephanie Avakian and Steven Peikin as new co-directors of enforcement. In an exclusive interview ahead of the formal announcement, the two said they were deeply conce ed about cyber threats and see the topic as a major enforcement priority. "The greatest threat to our markets right now is the cyber threat," said Peikin, who was still wearing a guest badge because he has not yet received his formal SEC credentials yet. "That crosses not just this building, but all over the country." The SEC has started to see an "uptick" in the number of investigations involving cyber crime, as well as an increase in reports of brokerage account intrusions, Avakian said. As a result, the agency has started gathering statistics about cyber crimes to spot broader market-wide issues. This follows on the heels of a risk bulletin the SEC released in response to the WannaCry attacks, urging broker-dealers, investment advisers, and investment companies “to assess industry practices and legal, regulatory, and compliance issues associated with cybersecurity preparedness.” The bulletin directed readers to a website established by the Financial Industry Regulatory Authority (FINRA), a self-regulatory organization overseen by the SEC, that provides numerous cyber security tips and resources. Cyber Security Problems Uncovered During Regulatory Exams Also contributing to the new SEC cyber security focus are widespread security lapses the SEC found during recent regulatory exams at financial companies, including: • Unauthorized disclosures of personally identifiable information (PII). • Issues with phishing emails; employees were found to click on suspicious attachments more than 20% of the time. • Third-party wires not being properly authenticated. • Organizations not conducting periodic risk assessments, penetration tests, and vulnerability scans. Penalties for non-compliance with SEC cyber security standards can be severe. Last June, the agency fined Morgan Stanley Smith Barney LLC $1 million for failing to sufficiently secure its systems to prevent a breach; sanctioned Craig Scott Capital LLC for $100,000 for using non-firm email addresses to receive faxes; and made R.T. Jones Capital Equities Management Inc. pay $75,000 for “failing to implement proper cyber policies” after the firm was breached. Financial firms aren’t the only ones on the SEC’s radar. Law360 reports that the SEC is investigating Yahoo for its numerous data breaches. Sound GRC Practices Will Keep Your Organization on the SEC’s Good Side A panel held at the recent 2017 FINRA Annual Conference discussed five best practices organizations should adopt to prevent cyber attacks and maintain compliance with both FINRA and SEC cyber security standards: governance, risk assessment, cyber security training, access management, and vendor management. Some organizations, especially small and medium-sized businesses, struggle with the cost and time commitment that proactive cyber security and GRC require. But the cost of cyber attacks and non-compliance penalties are much higher than making the necessary investment to prevent attacks and maintain compliance in the first place.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026