Advice to SEC Staff: Encrypt PCs When Among Hackers
Sensitive, confidential information belonging to major U.S. stock exchanges was at risk of being hacked this year, thanks to an oversight by Securities and Exchange Commission staffers, according to a new Reuters report.
SEC Interim Inspector General Jon Rymer wrote in a 43-page report that some SEC staffers used unprotected government computers at a Black Hat convention this year. The convention attracts hundreds of hacking experts who bring seemingly impenetrable devices with them to see if they can be cracked, says Adam Levin, chairman and cofounder of Credit.com. The SEC said the government-issued computers were not hacked and no unauthorized breach of data occured. According to Reuters, the SEC employees attending the conference had logged into the unencrypted computers through public wireless networks.
The Inspector General said the employees, who had worked in the SEC's Trading and Markets division, were no longer at the federal agency. The SEC has been warning Wall Street firms and market exchanges to beef up their cyber security efforts. But the government computers brought to the Black Hat convention did not have basic virus protection programs installed and the employees had neglected to encrypt the devices, Reuters reports.
Levin says in an interview with The Daily Ticker that cyber espionage could take down the world's financial trading system.
"We don't take cyber security as seriously as it needs to be taken," he says. Cyber attacks and hacking are a "pervasive problem," not just in the U.S. but also in the entire world, he notes.
The Nasdaq OMX Group was the target of a cyber attack in 2010, but its trading systems were not compromised. U.S. corporations like LinkedIn, Google, RSA, Lockheed Martin and Northrop Grumman have all been victims of computer attacks within the past year.
Large corporations will spend $32.8 billion on computer security this year, a 9% increase from 2011, according to The New York Times.
Levin says Congress must make tackling cyber security legislation a priority.
"We have to come up with, once and for all, a comprehensive cyber security policy that is carried through, not only at the government level, but also at the corporate level," he says.
More from The Daily Ticker