Operational Due Diligence (ODD)
-
[Webinar recording] Cybersecurity essentials for a successful ODD
The requirements and resources needed for a successful ODD have evolved and will continue to do so. What we see today is cybersecurity not only as a technology risk, but a business and operational risk. Watch the webinar recording where our experts discussed: Essential cybersecurity aspects for your next ODD review. The importance of Risk…
-
Don’t make these cybersecurity mistakes in your next ODD review
Cybersecurity risk is now considered a business and operational risk. This is especially relevant when it comes to ODD reviews. Evaluations of your cybersecurity program should be an ongoing activity to help prove to your board that you are taking incremental progress in protecting your firm and investments. This segues perfectly to mistake #1: Treating…
-
Who’s who on your cybersecurity ODD team?
Since you are the team owner for the ODD team, you report on cybersecurity resources to your board and investors. We get that cybersecurity may not be the most exciting thing about your job. The good news is you don’t have to do it all. However, you do have to intelligently articulate how players on…
-
Exploitation of MOVEit software demonstrates the criticality of vendor due diligence
This can be a hard truth for alternative investment managers to stomach: It’s not a matter of if you’re attacked, but when. Several investment managers learned this the painful way when a method exploiting MOVEit, a third-party file transfer software, was used to attack their firms. We know that securely transferring files between businesses can be a challenge.…
-
Subject to NFA compliance? Adopt these cybersecurity practices today
Cyber criminals target financial institutions more than almost all other industries, according to the Blackberry Global Threat Intelligence Report. Futures and commodities investors are no exception. Here’s an example. Last summer, the EvilNum hacking group specifically targeted forex trading and other alternative investment organizations in a variety of sophisticated, sustained cyber attacks. In cybersecurity speak, EvilNum…
-
7 FTC ‘safeguards rule’ changes that you need to act on now
If your head has been in the sand about the FTC Safeguards Rule that went into effect on June 9, 2023—you need to pull your head out now. Make no mistake, your alternative investment firm is required to adopt cybersecurity best practices immediately. If you fail to comply with the new ruling and fall victim…
-
What The SEC Cyber Rule Means for Your Firm’s Cybersecurity Risk Management
The alternative investment industry is awaiting a finalized ruling from the Securities and Exchange Commission (SEC) on new proposed cybersecurity rules that were originally introduced February 9, 2022 and will significantly impact firms cyber risk strategy. On March 15, 2023, the SEC released an update on the proposed cybersecurity risk management rules and amendments (“proposed Rule 206(4)-9” and “proposed…
-
Webinar replay: SEC Cyber Rule – Get ready webinar series
Drawbridge is hosting a series of webinars on proposed Cyber Requirements for Rule 206(4)-9, Rule 38a-2, and Amendments of 204-2. Through the course of five webinars, Drawbridge will discuss what firms can accomplish now. If you missed the live event ‘Risk Assessment (Internal, Cloud, & Critical Vendors)’ , you can still catch the on-demand version…
-
Cyber Security intelligence: Imminent: Cybersecurity regulations for US financial services
The U.S. Securities and Exchange Commission’s (SEC) is expected to enact new cybersecurity regulations later this year, but the time is now for alternative investment firms to take proactive action. In this article for Cybersecurity Intelligence, Drawbridge CISO and Managing Director Simon Eyre outlines steps that firms can take today so they won’t be forced to…
-
What can Investment Managers do today to minimize the work required when the SEC Cybersecurity Rule becomes final this year?
While we await the final decision that is due in April 2024, preparation to comply with the new regulation should begin now in order to show a track record of cybersecurity governance and of course to strengthen your defenses against rising cyber threats. Alternative Investment and Wealth Managers that have significant gaps in their cyber…
-
Are your employees ready for the SEC’s pending cybersecurity regulations?
A year after the U.S. Securities and Exchange Commission (SEC) proposed amendments to its cybersecurity regulations, the industry is waiting to see the final rules. Once the rules are put in place, funds of every size will need to comply as regulations will be tightened in areas such as risk assessment, vulnerability management and board oversight.…
-
Podcast: Cybersecurity 5 in 5 February 2023
Cybersecurity 5 in 5 is the official podcast of Drawbridge, a premier provider of cybersecurity software and solutions to the alternative investment industry. The podcast covers the top 5 cyber events and trends that listeners need to know about in just 5 minutes.
