In one of the strongest reprimands ever delivered by the U.S. Securities and Exchange Commission, SEC chair Mary Jo White urged Wall Street and global financial institutions to drastically step up their cybersecurity measures.
“Cyber risks can produce far-reaching impacts,” White said at the Reuters Financial Regulation Summit in Washington, D.C. “We can’t do enough in this sector.”
The address came largely in response to the recent fiasco in Bangladesh, where cyber criminals managed to steal $81 million in central bank funds using the global money transfer network SWIFT earlier this month.
White says that the SEC will begin to crack down even more thoroughly on cases of non-compliance with trading rules or violations of security mandates. The agency found that many high-profile banks and trading organizations did not have adequate cybersecurity policies in place commensurate with their level of risk.
“What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks,” White said.
Hacking is certainly a major threat to all sectors of finance, local and global: the U.S. federal government, for example, has experienced a 680% increase in cybersecurity breaches over just the past six years.
Former World Bank security staff member Tom Kellermann, who now acts as CEO for investment firm Strategic Cyber Ventures in D.C., called White’s report “a historic recognition of the systemic risk facing Wall Street.”
“There’s an awareness in the criminal community that these private equity firms and hedge funds have weak technology infrastructure,” Kellermann told CSO Online. “And with straight-through processing and transactions happening in real time, it’s very difficult to stop yourself from being front-run if you’ve already allocated the transaction, so this has become a systemic risk issue.”
Others place the blame on industry pressure for increased efficiency in the financial processing world. “They’ve been trying to cut costs and automate as much as possible,” said Justin Harvey, chief security officer at Fidelis Cybersecurity.
“You’d think that for an $81 million transaction someone would be looking at it,” he said, referring to the Bangladesh incident. “I know it costs more money, but I don’t know of any other institution that would process that large amount of money without a second or third level of scrutiny.”
White says that Bangladesh exposed a flaw in the system that will not be repeated under the SEC’s watch. “We’re really functioning on all cylinders,” she said.