The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) recently issued a Risk Alert (the “Alert”) discussing cybersecurity observations from its examinations over time. The Alert did not state the time period of examinations included; however, OCIE has conducted several cybersecurity targeted exams over recent years.
OCIE is concerned with an increase in a particular type of hack known as “credential stuffing.” This type of cyber-attack involves stolen credentials, which are used to log into web-based systems of firms to access client funds.