The Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert highlighting the need for investment advisers to prevent unauthorized access to client data stored on websites.
Recently, cyber attackers have used “credential stuffing” and other methods to breach web-based user accounts. Credential stuffing is when a hacker combines lists of stolen account information from the dark web and customized scripts to compromise user names and passwords to other sites. Hackers prefer this method because it seems to be more efficient and successful than more traditional methods of hacking, like a brute force attack.
OCIE has the following recommendations for Investment Advisers to consider in protecting themselves and their websites against credential stuffing attacks: Continue reading ›