Doug Cornelius on compliance for private equity real estate
This is a new term to me. Quishing: a business email compromise (BEC) attack that uses QR codes in embedded PDF documents to redirect victims to phishing URLs. There is a Phishing-as-a-Service (PhaaS) platform called ONNX Store, which apparently has a user-friendly interface to enable the orchestration of phishing attacks. Good to know there are services making it easy to … Read more »
A few years ago Ukranians hacked EDGAR to obtain nonpublic earnings information and used that information to trade stocks. The hackers made about $1.4 million and spread that information to associates for about $4.1 million in total profit. Now a bigger hacking plot has been discovered and it has bigger international implications. The Securities and … Read more »
The Securities and Exchange Commission sanctioned three broker-dealer/investment advisers for failures in their cybersecurity policies and procedures that resulted in email account takeovers. Each of the firms was using cloud-based email accounts that were hacked. The three firms had not mandated multi-factor authentication for access to the email accounts. The SEC claimed failure under Rule … Read more »
New York City passed a law imposing specific requirements on real estate owners in the city. As buildings are becoming “smarter” landlords are collecting more data about the building coming in, moving around inside, and exiting from their buildings. This is largely for good intentions. It makes the elevators more efficient. It makes the heating … Read more »
The Securities and Exchange Commission Commission’s Office of Compliance Inspections and Examinations issued examination observations related to cybersecurity and operational resiliency practices taken by SEC registrants. This compilation of observations is based on OCIE’s observations of broker-dealer, investment advisers, clearing agencies, national securities exchanges and other firms that OCIE has taken a look at. It’s not clear if these … Read more »
The Nigerian prince email scams at home have been supplanted by phishing attacks on company accounting groups. The problem has become big enough that the Securities and Exchange Commission released a report indicating that falling victim to this kind of cyber attack could be considered a failure in the company’s internal accounting controls. The Federal … Read more »
With the pending release of Episode VIII – The Last Jedi, I’m joining Tom Fox in tying compliance and the Star Wars franchise together. Starting at the beginning with Star Wars, or what is now Episode IV – A New Hope, the climax is the destruction of the Death Star. One of the complaints about the … Read more »
Now that the Securities and Exchange Commission has some first-hand experience with cybersecurity and getting hacked, it has launched a new initiatives to address cyber-based threats. There is new Cyber Unit originating in the enforcement division. Robert A. Cohen will be Chief of the Cyber Unit, stepping away from being Co-Chief of the Market Abuse Unit. … Read more »
Cybersecurity is hard. It’s nearly impossible to stop an attack. If someone really wants in, they can continue to attack and attack until they find a gap. It’s hard to know that you have been breached until well after the breach. It may be just as hard to figure out what was accessed and what … Read more »
The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations issued a new Risk Alert this week on cybersecurity. The risk alert summaries observations from their phase 2 cybersecurity examinations conducted in 2015 and 2016. In phase 2, OCIE examined 75 firms, including broker-dealers, investment advisers, and registered funds. The examinations focused on written policies and … Read more »