The SEC has brought on an expert in cybersecurity to advise its director and enact strict policies to prevent crime.
The US Securities and Exchange Commission is the arm of the government charged with overseeing the buying and selling of securities. It oversees the major-name players in the stock exchanges, and as such, fortunes are often made or lost (and every so often a criminal is charged and sent to prison) based on the highly detailed work of the SEC. So it stands to reason that this agency might be a little bit interested in keeping hackers out of its business.
It’s a very valid concern given the record-breaking numbers of data breaches that have taken place in recent years. The Identity Theft Resource Center, which has been tracking identity theft and data breaches since 2005, has already reported 454 data breaches in 2016 alone, which altogether exposed over 12 million consumers’ information to cyberthieves. One of the ITRC’s top noted methods of data theft is CEO phishing, more formally known as a business email compromise attack, which works through social engineering rather than any form of high-tech hacking; it works because when someone hacks into your boss’s email account and makes it seem as though the boss is telling you to do something, you do it.
Hopefully, the SEC’s new Senior Advisor to the Chair for Cybersecurity Policy can do something about the very real threat of cybercrime, at least in the ways that it can affect the Holy Grail of financial theft, the stock exchange. Christopher R. Hetner, who has served since 2015 as the Cybersecurity Lead for the Technology Control Program within the SEC’s Office of Compliance Inspections and Examinations (OCIE), will now be the direct advisor on cybersecurity matters to SEC Chair Mary Jo White.
“Having dedicated my career to information security, I am honored to have the opportunity to advise Chair White on cyber policy issues,” said Hetner in a press release. “I look forward to working with staff across the agency to enhance our risk-based approach to cybersecurity policy.”
The very first step in preventing cybercrime is simply to have a policy, which Hetner mentioned. Too many companies don’t have well-thought-out tech policies in place, such as policies about downloading viruses, clicking on links that install malicious software, or confirming a request in person before complying with the “CEO’s” request for a large money transfer. Hetner’s role shift will hopefully establish industry-wide policies on cybersecurity that can trickle down to the many companies that look to the SEC for regulation.