This year was a challenging one for managers in the alternative investment and wealth management space.
Aside from economic pressures, firms are experiencing regulatory shifts in the U.S. and Europe, from SEC and DORA, and an evolving cybersecurity landscape thanks in part to artificial intelligence. We’ve compiled the most popular Drawbridge content that addresses this year’s notable trends.
The SEC Cyber Rule for Advisors and Funds has been pushed back until Spring 2024
The reason for the delay could be related to incident disclosure requirements, with concerns that early disclosure of public companies’ cyber incidents could result in further damage to the company.
- Read Rule Info on reginfo.gov.
- See Department of Justice Material Cybersecurity Incident Delay Determinations on justice.gov.
- Download [Webinar Recording] SEC cyber rule: Predictions on the final ruling.
Supply Chains continue to take a beating
The popular file transfer software MOVEit experienced a significant zero-day vulnerability and soon firms like Shell, British Airways, government agencies like the NY Department of Education were hit with ransomware that exfiltrated data out of these organizations. This event highlighted the importance of data resiliency, regular testing of system, and data backups.
And the regulators noticed, putting significant emphasis on vendor risk management best practices in their examination priorities for 2024.
Regulators outside the US to ramp up their cyber expectations
Much has been said of the SEC’s impending cybersecurity rule, but the EU has already approved rules that are now in place and enforcement begins in 12 months. Anyone within or investing in Europe will need to comply.
Not all MFA is the same
MFA fatigue becomes commonplace in targeted attacks. In an effort to simplify MFA use, push to approve applications became popular. Unfortunately, large numbers of attacks are relying on people pressing click to approve as attackers flood their devices with attempts. Drawbridge discusses this and other preventative controls in our recent webinar.
Artificial Intelligence goes mainstream
It was only a couple of years ago that cybersecurity defense services were touting machine learning as the new weapon against cyber attackers. Unlike the benefits of machine learning, AI looked as though it would take a dark turn. Many suggested phishing would become increasing proficient, the time taken for a successful attack would decrease, and impersonations would be undetectable from the real person.
For now, increased cyber awareness and appropriate controls appear to be keeping AI attacks to the same level of risk as traditional attacks. In 2024, it will get more difficult. We hosted a panel of industry ODD experts from the allocator and investor space on AI and other challenges their funds are facing:
Analytics released by Drawbridge
Drawbridge released a new analytics module to our clients that use us for Cyber Risk Assessments. The new module provides key insight into relative ranking of your cyber program scope and benchmarks your risk profile against your peers. It is a powerful tool to understand where to take your program, which remediation actions have the biggest impact and how to position your program to your stakeholders whether they be your investors, regulators, or board.
- Watch demo: Drawbridge Analytics.
Interested in learning how Drawbridge can help your firm easily navigate cyber-related compliance and cyber landscape? Contact our team today.