Senate Dem calls on businesses, feds to 'step up' on cybersecurity

Senate Dem calls on businesses, feds to 'step up' on cybersecurity
© Keren Carrion

A top Senate Democrat on Thursday said the private and public sector needs to boost its cybersecurity after the Securities and Exchange Commission (SEC) revealed that hackers might have profited off of insider information stolen from the agency’s disclosure filing system.

Sen. Mark WarnerMark Robert WarnerIs there difference between good and bad online election targeting? Collusion judgment looms for key Senate panel Hillicon Valley: Facebook reveals 30 million users affected by hack | Grassley presses Google to explain data practices | Senators warn Canada against using Chinese telecom firm | FCC responds to net neutrality lawsuits MORE (D-Va.), a member of the Senate Banking Committee, said the SEC breach “shows that government and businesses need to step up their efforts to protect our most sensitive personal and commercial information.”

Warner said he’d press SEC Chairman Jay Clayton on the agency’s rules dictating when companies must report data breaches when he appears before the banking panel next week.

“Information has become one of our country’s most valuable resources, and control of that information comes with significant responsibility,” Warner said. “The SEC should not retreat from its important market oversight role in order to limit its exposure to sensitive information.”

Clayton revealed in a statement last night that hackers exploited a software vulnerability in the regulator's EDGAR filing system. That breach was discovered in 2016, he said, but the SEC did not learn about the possibility of unlawful trading until 2017.

“Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic,” he said. “We also must recognize — in both the public and private sectors, including the SEC — that there will be intrusions, and that a key component of cyber risk-management is resilience and recovery.”

The announcement comes after credit report company Equifax revealed earlier this month that hackers accessed personally identifiable information from as many as 143 million people.