Securities and Exchange Commission (SEC) has issued a press release and reporting advising public companies to review and recalibrate internal accounting controls to consider cyber threats. SEC stated the report is based on an investigation of business email compromises (BECs), more commonly known as “spearphishing” (targeted electronic messages tricking users to share confidential information) attacks, at nine public companies across a broad range of industries that resulted in a cumulative loss of almost $100 million. The SEC communicated that the frauds lasted up to nine months in some cases and the attackers posed as company executives or vendors and often were detected only after intervention by law enforcement or other third parties.
There are several controls that are very effective ways to help thwart attacks of this type, including performing proactive test spearphishing, internal penetration testing, advanced user security awareness training and implementing security monitoring agents that react to anomalies and watch the data traffic and alert your cybersecurity team. For more information on how to implement these controls and the processes and scope of work needed to have real assurance of operating effectiveness, contact our experience CyberSecurity experts here.
To see the full report…. https://www.sec.gov/news/press-release/2018-236
Carl Cadregari is an executive vice president based out of our Rochester, NY office.