SEC Urges Companies to Focus on Employing Better Accounting and Audit controls against Cyber Threats
The US regulator Securities and Exchange Commission (SEC) has urged companies to take threats from the cyber world more seriously than they are doing right now when developing and implementing internal controls for the organization. This action from the SEC has come in wake of a report which was based on organizations that fell prey to cyber frauds resulting in losses of around $100m.
The SEC mainly focused ‘business email compromises’ (BECs) in which fraudsters pose as organization executives, high-level employees related with finance department or vendors by spoofing their publicly available emails to deceive companies into transferring large amount of money to bank accounts which are in their control.
In some of the instances the cyber frauds lasted several months and were found only after interference from law enforcement agencies or third parties other than the enforcement agencies. As per the above mentioned report each company lost $1m, two of the nine companies on which the report was based suffered losses of more than $30m while one company lost more than $45m. As a result of the cyber frauds, the nine companies suffered combined losses of nearly $100m.
Each of the nine companies mentioned in the report had securities listed on the stock exchange, covered various sectors such as machinery, consumer goods, real estate, financial, energy and technology. As per an estimate by the FBI, the cyber frauds performed using BECs has resulted in companies suffering losses of more than $5bn since 2013.