SEC Cybersecurity Lapse: Report Reveals Security Shortcomings Preceding X Account Hack

May 7, 2024

Recent revelations shed light on the United States Securities and Exchange Commission's (SEC) cybersecurity vulnerabilities, raising concerns about the adequacy of its information security measures.

Just two weeks before the SEC's X account was compromised on January 9, a report from the Office of Inspector General (OIG) highlighted significant shortcomings in the commission's cybersecurity program. The report, disclosed by Fox Business reporter Eleanor Terrett, underscored the SEC's failure to effectively mitigate security weaknesses.

The December 2023 OIG report, based on an independent evaluation by contractor Cotton & Company Assurance and Advisor, identified various areas requiring improvement in the SEC's security protocols. These included vulnerabilities in risk management, supply chain, security training, and continuous diagnostics and monitoring.

In response to the OIG report, the SEC's Chief Information Officer David Bottom acknowledged the identified deficiencies and expressed a commitment to enhancing the agency's information security program. The SEC was also ordered to submit an action plan within 45 days to address the identified risks.

Unfortunately, the SEC fell victim to a hack shortly after receiving the OIG report. On January 9, unauthorized access was gained to the commission's X account, resulting in the dissemination of a false spot Bitcoin ETF approval announcement. This incident led to liquidations totaling $90 million and raised concerns about market manipulation.

Congresswoman Ann Wagner voiced her apprehension regarding the hack, labeling it as clear market manipulation that impacted millions of investors. The SEC came under further scrutiny after it was revealed that the commission had not implemented two-factor authentication, leaving its accounts vulnerable to exploitation via a SIM-swapping attack.

The SEC's cybersecurity breach highlights the critical need for robust information security measures in regulatory agencies to safeguard against potential market disruptions and protect investor interests.