Yesterday The Office and Compliance Inspections and Examinations ("OCIE") issued an alert about safeguarding client accounts against credential compromise that highlighted the issue of "credential stuffing attacks". Credential stuffing is a type of cyber attack where many compromised user credentials are tried against systems to gain unauthorized access, using automated means. Over the past few
On January 27, 2020 the Securities and Exchange Commission Commission's Office of Compliance Inspections and Examinations issued examination observations related to cybersecurity and operational resiliency practices undertaken by market participants. We reviewed this alert and simplified it into major points that are easily digestible. The OCIE provided the following observations: Governance and Risk Management Senior leadership is
Alert On May 23, 2019, the Office of Compliance Inspections and Examinations ("OCIE") issued the alert "Safeguarding Customer Records and Information in Network Storage - Use of Third Party Security Features". In this alert the OCIE 'identified security risks associated with the storage of electronic customer records and information by broker-dealers and investment advisers in
