By Katanga Johnson
WASHINGTON (Reuters) - Public companies that fail to tighten their cyber security controls could be violating federal law, the U.S. Securities and Exchange Commission (SEC) said on Tuesday.
The regulator's warning came in the form of a report on its investigation to assess whether nine companies that had been victims of cyber-related frauds had sufficient internal accounting controls in place as required by law.
It focussed on so-called "business email compromises" in which cyber criminals pose as company executives to dupe staff into sending company funds to bank accounts controlled by the hackers. The Federal Bureau of Investigation estimates such scams had led to $5 billion in losses since 2013, the SEC said.
The fraud did not include any sophisticated design, but rather used technology to detect the human vulnerabilities in the control system, the report said.
"We did not charge the nine companies we investigated, but our report emphasizes that all public companies have obligations to maintain sufficient internal accounting controls and should consider cyber threats when fulfilling those obligations," Stephanie Avakian, Co-Director of the SEC Enforcement Division, said in a statement.
The SEC did not identify the companies but said the failings of internal controls were only discovered when vendors told authorities of nonpayment on a number of outstanding invoices.
Regulators and lawmakers are increasingly focussed on the risks cyber criminals pose to companies and their customers following a series of high-profile incidents. They included the theft by hackers last year at credit reference company Equifax
Last week, Facebook Inc
Following the Equifax breach, the SEC issued updated guidance on how and when companies should disclose cyber security risks and breaches, including potential weaknesses that have not yet been targeted by hackers but could constitute inside information.
(Reporting by Katanga Johnson; Editing by Michelle Price and Grant McCool)
This story has not been edited by Firstpost staff and is generated by auto-feed.
Updated Date: Oct 17, 2018 04:05 AM