How Abacus addresses the recent risk alert on safeguarding against “credential stuffing” attacks
The SEC OCIE published a risk alert on September 15, 2020, entitled “Cybersecurity: Safeguarding Client Accounts against Credential Compromise” in response to an observed increase in the frequency of “credential stuffing” attacks.
Our abacusFlex IT-as-a-service platform is designed to meet or exceed regulatory security requirements by following policies and procedures set forth by NIST, COBIT, ISO, Center for Internet Security and the Cloud Security Alliance.
Abacus enables clients to safeguard their accounts by utilizing the following OCIE-recommended practices:
Password policies, with strength, length, type and change frequency practices that are consistent with industry standards, plus customization of strong password policies to meet client needs and security concerns.
Use of Multi-Factor Authentication (MFA), which employs multiple “verification methods” to authenticate the person seeking to log in to an account. Properly implemented, MFA can offer one of the best defenses against password-related attacks and significantly decrease the risk of an account takeover.
Monitoring for a higher-than-usual number of login attempts over a given time period, or a higher-than-usual number of failed logins over a given time period.
Use of Next Generation Firewalls that can detect and inhibit credential stuffing attacks.
Keeping our customers informed with cybersecurity awareness training, better preparing users to identify potential attacks.
Abacus always remains vigilant and proactively addresses emergent cyber risks, including sending clients informational cybersecurity advisories.