Securities and Exchange Commission Chairman Jay Clayton is telling corporate America it needs to get much more vigilant on security.
In an interview Monday on CNBC’s “Power Lunch,” Clayton stressed that significant cybersecurity threats remain, despite the ongoing coronavirus pandemic and election season. “Cyber risks have not gone away with the unfortunate, unforeseen risks we’ve faced with Covid and other uncertainties in our economy,” he said. “They’re still there, and they’re there more than ever.”
So alarmed is the SEC by recent developments that it has issued warnings on several areas in recent months:
- Ransomware: An increase in sophistication of attacks on broker-dealers, investment advisers, and investment companies, and also attacks impacting service providers to companies that are under the SEC’s purview.
- Credential compromises: An increase in cyber-attacks against brokers and dealers using “credential stuffing,” a method of cyber-attack that uses compromised client login credentials, resulting in the possible loss of customer assets and unauthorized disclosure of sensitive personal information.
In October alone, the Cybersecurity and Infrastructure Security Agency, which is part of the Department of Homeland Security, put out 30 cyber alerts across various industries and business sizes, as well as consumers, according to Clayton.
“Cybersecurity incidents are on the rise, and it’s something we all need to continue to pay attention to,” Clayton said. “I know companies are burdened in many ways. Our registrants are burdened in many ways right now, but this is one of those things we just can’t lose sight of.”
Akamai CEO Tom Leighton also recently noted an increase in online attacks, telling CNBC last week that the cybersecurity company has noticed a doubling in “malicious traffic” on a quarter-over-quarter basis.
Clayton, whose agency regulates securities in the U.S., said the issue is of particular concern to the financial community.
“We’ve seen denial-of-service attacks in our financial industry. Fortunately, they have not become systemic,” he said. “Usually, that’s because of good information sharing across firms and across the government.”
Clayton said companies that do experience a denial-of-service attack — which involves hackers trying to overwhelm a network by directing a torrent of traffic toward it — should reach out to the SEC and banking regulators. “We have been able to share that information quickly, and make sure that other firms patch” their networks to prevent an attack, he said.
In general, Clayton said that companies and employees alike need to practice what he calls “cyber hygiene.” For individuals, that means having strong passwords and multi-level authentication. For businesses, that means having multi-level backup systems, among other steps, he said.
Clayton also noted the importance of updating even commonly used software systems, saying that many require constant patching. “People need to continue to patch. I can’t emphasize enough that cyber hygiene helps us all,” he said.
While Clayton’s comments come on the eve of the U.S. presidential election, he said that timing was mostly “serendipitous.” He said the uncertainty caused by the pandemic was likely a big driver in the cyber threats. However, he said, “any time there is uncertainty, threat actors generally increase their activity.”