Member Articles
OCIE RISK ALERT—Cybersecurity: Safeguarding Client Accounts against Credential Compromise
Related Articles inTechnology | Telecommunications
More Technology | Telecommunications Aricles → Latest Firm's PressDinsmore & Shohl LLP OCIE’s most recent Risk Alert, published Sept. 15, 2020, address another cybersecurity issue, this time highlighting the dangers of “credential stuffing.” Credential stuffing is a method of cyberattack that uses compromised client login credentials and can lead to loss of customer assets and the disclosure of confidential or other personal information. Hackers will obtain groups or lists of usernames, email addresses, and their passwords from sellers on the dark web. They then attempt to use these compromised usernames and passwords from the original site to gain access to other websites. If successful, this process can enable bad actors to access a firm’s customer accounts. If undetected, these attacks can eventually allow hackers to gain access to firms’ systems and steal assets from customer accounts, access confidential information as well as additional login credentials/website information which can be resold to others on the dark web. According to OCIE, there has been a recent increase in the prevalence of such attacks. OCIE is urging firms to take proactive steps to mitigate the risks of credential stuffing. OCIE has identified two of the largest online behaviors that lead to successful attacks, which are (1) individuals using the same password or minor variations of the same password for various online accounts, and/or (2) individuals using login names that are easily guessed, such as email addresses or full names. As stated above, firms should be proactive in their efforts to combat credential stuffing. Some of the methods referenced by OCIE for consideration by firms include:
|
Link to article
Related Articles in
Technology | Telecommunications
- New California Bill Would Impose Strict Products Liability on All Online Retailers
April, 2021 - Recommendations for the Implementation of Cookie Banners
April, 2021 - New Favorable Qualified Small Business Stock Guidance for Fintechs and Insurtechs
April, 2021 - Mamo TCV Newsletter - March 2021
April, 2021
More Technology | Telecommunications Aricles →
Latest Firm's Press
Dinsmore & Shohl LLP