Securities and Exchange Commission Chairman Jay Clayton is telling American companies that they need to be much more vigilant about security.
In an interview on Monday on CNBC’s “Power Lunch,” he stressed that despite the ongoing coronavirus pandemic and election season, significant cybersecurity threats remain. “Cyber risk has not gone away with the unfortunate, unforeseen risks we have faced with Covid and other uncertainties in our economy,” he said. “They are still there and they are there more than ever.”
The SEC is so alarmed by the latest developments that it has issued warnings in several areas over the past few months:
- Ransomware: Increased complexity of attacks on broker-dealers, investment advisors and investment companies, and attacks on service providers to companies under the purview of the SEC.
- Credentials compromise: An increase in cyber attacks against brokers and traders using “credential stuffing”, a method of cyber attack that uses compromised client credentials, resulting in the possible loss of client assets and unauthorized disclosure of sensitive personal information.
In October alone, the Cybersecurity and Infrastructure Security Agency, which is part of the Department of Homeland Security, issued 30 cyber alerts for various industries and company sizes, as well as consumers, according to Clayton.
“Cyber security incidents are on the rise and we all need to keep being vigilant,” said Clayton. “I know companies are burdened in many ways. Our registrants are burdened in many ways right now, but this is one of the things we just can’t lose sight of.”
Akamai CEO Tom Leighton also recently noticed an increase in online attacks and told CNBC last week that the cybersecurity firm had seen “malicious traffic” double from the previous quarter.
Clayton, whose agency regulates securities in the United States, said the problem was of particular concern to the financial world.
“We have seen denial of service attacks in our financial industry. Fortunately, they have not become systematic,” he said. “Usually this is due to a good exchange of information between companies and the government.”
According to Clayton, companies experiencing a denial of service attack, in which hackers attempt to overwhelm a network by directing a stream of traffic onto it, should turn to the SEC and banking regulators. “We were able to get that information out quickly and make sure other companies were patching their networks,” he said, to prevent an attack.
In general, Clayton said that businesses and employees alike must practice what he calls “cyber hygiene.” For individuals, this means having strong passwords and multi-factor authentication. For companies, this means, among other things, having multi-level backup systems.
Clayton also noted the importance of updating frequently used software systems, saying that many require constant patching. “People need to keep mending. I can’t stress enough that cyber hygiene helps us all,” he said.
While Clayton’s comments come on the eve of the US presidential election, he said the timing was largely “accidental.” He said the uncertainty caused by the pandemic is likely a big driver of the cyber threats. “Whenever there is uncertainty, threat actors generally increase their activity,” he said.