Policies and programs
-
Cyber Security Intelligence: Cybersecurity: Prepare for the year ahead
2022 was a notable year for financial services cybersecurity regulations including increased requirements from the SEC. The new SEC proposed comprehensive rule change will clarify the expectations of firms to achieve compliance, meaning many firms will have to fortify their cybersecurity strategies for 2023. In this article for Cybersecurity Intelligence Drawbridge CISO Simon Eyre predicts increased penalties…
-
Webinar Recap: How the SEC’s New Proposed Cybersecurity Rules Could Change Your Firm’s Security Requirements
The U.S. Securities and Exchange Commission (SEC) has proposed cybersecurity rules that represent a revolutionary approach to cybersecurity and will affect all firms in the alternative investment industry – including yours. Regulatory pressure is rising – and firms must prepare now to ensure they can meet and exceed current and future expectations. But what will the SEC’s…
-
Do you know anything about your company’s Business Continuity and Operational Resilience? Well, in this day and age you should
Much has been written about business continuity (BC) and operational resilience (OR) over the last few years. The speed and impact of the pandemic meant all those carefully laid plans were tested to the limit, with some organizations faring better than others. Anyone hoping for a let-up would have been sorely disappointed. As Duncan Mackinnon,…
-
Lessons learned from EyeMed’s costly $4.5 million failed risk assessment
In October 2022, the New York State Department of Financial Services (NYDFS) ordered EyeMed Vision Care, a Cincinnati, Ohio-based vision benefits company, to pay a $4.5 million fine for failing to conduct a necessary risk assessment and violating NYDFS cyber rules. So, what was EyeMed’s mistake? The insurance firm fell short on implementing a multifactor authentication process…
-
How Hedge Funds Can Stay Ahead of Ransomware with the Right Incident Response Plans
There can be no hedging your bets when it comes to defending against ransomware. Funds don’t need to look far for high profile examples of devastating attacks, from Conti’s strike on Costa Rica in April to last year’s infamous Colonial Pipeline breach. And ransomware is on the rise, thanks to the growth of trends like ransomware-as-a-service. Verizon’s 2022…
-
Are Hackers Phishing in Your Waters? Top Tips to Protect Your Firm
When cybercriminals go phishing, it’s financial firms they want to land. According to research published last month by the Anti-Phishing Working Group, the financial sector (including banks) was the most frequently victimized by phishing in Q2 2022, accounting for 27.6% of all phishing attacks. And there’s a good reason why. As a highly lucrative industry predicted to grow…
-
Cybersecurity Awareness Month: ‘See Yourself in Cyber’
Accelerate and Enhance Your CyberSecurity and Risk Management Program As Cybersecurity Awareness Month 2022 is in full swing, it’s an ideal time for businesses to review their cybersecurity, business continuity and risk management processes. These types of annual events are an easy point in the calendar where companies can take stock of their efforts and engage in…
-
Typo-Squatting: 5 Steps to Avoid Falling Victim
Today’s hackers constantly look for additional ways to capitalize on cyber security shortfalls and compromise sensitive data and information. Our clients report that social engineering attacks involving typo-squatting techniques are on the increase. Many businesses fail to realize how easily they can fall victim to this type of attack – but as real world instances…
-
How Government Regulations Can Aid Cybersecurity Defenses
Drawbridge CISO Simon Eyre authored this piece, originally featured in Security Boulevard. “In cybersecurity […] we all have a responsibility to ensure that our threat defenses are up-to-date, that our teams are educated and aware of common threats, and that we gather, store and use sensitive data appropriately. But we must also be conscious of…
-
Cyber Security Intelligence: Ransom – Prepare For The Worst
In this contributed article, Drawbridge CISO Simon Eyre highlights the continuing – and growing – threat of ransomware. He also offers four steps to combat ransomware, which are summarized below. Four steps to combat ransomware Preparation and testing (“It’s critical to be able to access [the incident response] plan at a moment’s notice, so make sure…
-
The SEC Gets Real with Investment Advisers and Funds About Their Cyber Hygiene
Acknowledging the severity of cyber risks, the SEC in early February proposed new cybersecurity risk management rules and amendments for registered investment advisers, registered investment companies, and funds. Thanks to law firms, management consultants, and other SEC watchers, in-depth analyses of the proposed changes are readily accessible online. These reports do a good job of walking readers through…
-
Cybersecurity Webinar: Drawbridge x SEC Compliance Solutions
As cybersecurity becomes an increasingly hot topic for advisors and their clients, we took the opportunity to discuss how risks are changing and share industry knowledge that can help strengthen your firm’s cyber environment. Listen in as Katie Mogan of SCS and Adam Menkes of Drawbridge address important concerns facing investment advisers and funds, including:…
