Highlighting Recent Cyber-Related Financial Losses, the SEC Urges Public Companies to Revisit Internal Accounting Controls
A recent cyber threat investigation by the U.S. Securities and Exchange Commission (SEC) found widespread vulnerabilities at public companies involving fraudulent wire transfers and vendor payments initiated via compromised business email accounts. They found that while victims had adequate controls in place, those controls were bypassed by employees who didn't fully understand them or recognize signs that emailed payment instructions might not be reliable.
This article offers insights on the SEC’s subsequent report advising public companies to review internal accounting controls related to business email compromises (BECs), more commonly known as ‘‘spearphishing.’’
Methodologies & Models