Insights
The cyber landscape never stops shifting – and neither should your perspective. Our Insights bring you expert commentary, thought leadership and practical guidance on the issues shaping the alternative investments sector. Stay ahead of regulators, satisfy investors, and strengthen your resilience with analysis from the team that knows your world best.
-
Q&A: Cybersecurity questions posed to ODD professionals
In case you missed it, Drawbridge broadcasted a webinar entitled, Expert Insights on Cybersecurity in ODD on November 15, 2023. We were joined by Christopher Vella, Technical Due Diligence Analyst from Albourne Partners, and Lauri Martin Haas, Managing Director at Prism Alternatives. They are both deeply experienced operational due diligence professionals who shared their insights…
-
Exploitation of MOVEit software demonstrates the criticality of vendor due diligence
This can be a hard truth for alternative investment managers to stomach: It’s not a matter of if you’re attacked, but when. Several investment managers learned this the painful way when a method exploiting MOVEit, a third-party file transfer software, was used to attack their firms. We know that securely transferring files between businesses can be a challenge.…
-
Subject to NFA compliance? Adopt these cybersecurity practices today
Cyber criminals target financial institutions more than almost all other industries, according to the Blackberry Global Threat Intelligence Report. Futures and commodities investors are no exception. Here’s an example. Last summer, the EvilNum hacking group specifically targeted forex trading and other alternative investment organizations in a variety of sophisticated, sustained cyber attacks. In cybersecurity speak, EvilNum…
-
7 FTC ‘safeguards rule’ changes that you need to act on now
If your head has been in the sand about the FTC Safeguards Rule that went into effect on June 9, 2023—you need to pull your head out now. Make no mistake, your alternative investment firm is required to adopt cybersecurity best practices immediately. If you fail to comply with the new ruling and fall victim…
-
What The SEC Cyber Rule Means for Your Firm’s Cybersecurity Risk Management
The alternative investment industry is awaiting a finalized ruling from the Securities and Exchange Commission (SEC) on new proposed cybersecurity rules that were originally introduced February 9, 2022 and will significantly impact firms cyber risk strategy. On March 15, 2023, the SEC released an update on the proposed cybersecurity risk management rules and amendments (“proposed Rule 206(4)-9” and “proposed…
-
What can Investment Managers do today to minimize the work required when the SEC Cybersecurity Rule becomes final this year?
While we await the final decision that is due in April 2024, preparation to comply with the new regulation should begin now in order to show a track record of cybersecurity governance and of course to strengthen your defenses against rising cyber threats. Alternative Investment and Wealth Managers that have significant gaps in their cyber…
-
Banking collapse fallout: protect yourself from related cyber risks
Cybercriminals are opportunistic and will capitalize on unpatched systems, current global events or known vulnerabilities. The Silicon Valley Bank and Signature Bank collapses will attract cybercriminals to exploit the situation and take advantage of consumer anxiety and the sense of urgency permeating the markets. Cybercriminals will likely harness social engineering attacks that go beyond everyday…
-
Are your employees ready for the SEC’s pending cybersecurity regulations?
A year after the U.S. Securities and Exchange Commission (SEC) proposed amendments to its cybersecurity regulations, the industry is waiting to see the final rules. Once the rules are put in place, funds of every size will need to comply as regulations will be tightened in areas such as risk assessment, vulnerability management and board oversight.…
-
What can the ION Markets ransomware attack teach the industry about cyber-threats?
When ION Markets was hit by a ransomware attack last week, it reverberated across the trading landscape and disrupted derivatives trading. Many UK, European and U.S. firms were forced to revert to manual settlement processes. While ION was clear to communicate that the incident was contained, it was just the latest example of cyber criminals…
-
The Value of Ethical Hacking
The words “a hacker has infiltrated our systems” sound like a disastrous scenario for any firm – but what if the hacker were welcome? Invited, even? While many firms have invested in cybersecurity technology and training, the true strength and weaknesses of a company’s defenses will only be revealed when put to the test. Enter…
-
Top Events That Shaped Cybersecurity and Resilience in 2022
There are thousands of breaches and cyber events each year, across geographies and industries – some that garner intense media coverage, and many that fly under the radar. Global regulators are continuing to ramp up the pressure on companies to improve cybersecurity resilience and implement safe data practices. As we enter 2023, it’s important to…
-
Do you know anything about your company’s Business Continuity and Operational Resilience? Well, in this day and age you should
Much has been written about business continuity (BC) and operational resilience (OR) over the last few years. The speed and impact of the pandemic meant all those carefully laid plans were tested to the limit, with some organizations faring better than others. Anyone hoping for a let-up would have been sorely disappointed. As Duncan Mackinnon,…
