Companies should invest in training to help employees ward off social engineering attacks, which use social media, personal profiles, and websites.
A survey by SailPoint found that many would sell a password to an outsider for less than $1,000.
The securities regulator has deficiencies in some financial controls and weak cybersecurity measures, says the GAO.