Security
-
Cyber vs IT vs Compliance
Cybersecurity, IT providers (such as a managed service provider), and compliance vendors don’t perform the same functions. But you need to engage all three independently to meet investor and regulator expectations. What should you know – Regulators and investors are establishing the standard of an independent audit in cybersecurity risk. Cybersecurity in the Alternative Investment…
-
[Webinar recording] Investment Firms and AI: Navigating New Challenges in Due Diligence, Risk Management & Cybersecurity
In this webinar recording, experts from Dataprise & Drawbridge explored the critical adjustments investment firms must make in light of AI and Large Language Models’ (LLMs) evolving risks. With a focus on actionable advice, this webinar recording: Dives into the rapidly evolving impact AI and LLMs is having on vendor risk management, and cybersecurity, Outlines…
-
Enhancing Private Equity Security: A Case Study on Mitigating Cybersecurity Risk
With an increasing number of cyber threats and attacks targeting sensitive financial data, it is imperative for alternative investment firms to implement robust cybersecurity measures. Increasing investor and regulatory demands on firms’ cybersecurity programs add further complication and urgency to this effort. This is especially true of private equity, where funds must not only focus…
-
Don’t make these cybersecurity mistakes in your next ODD review
Cybersecurity risk is now considered a business and operational risk. This is especially relevant when it comes to ODD reviews. Evaluations of your cybersecurity program should be an ongoing activity to help prove to your board that you are taking incremental progress in protecting your firm and investments. This segues perfectly to mistake #1: Treating…
-
Who’s who on your cybersecurity ODD team?
Since you are the team owner for the ODD team, you report on cybersecurity resources to your board and investors. We get that cybersecurity may not be the most exciting thing about your job. The good news is you don’t have to do it all. However, you do have to intelligently articulate how players on…
-
Why cybersecurity programs are a must-have for emerging funds
Emerging managers face a vicious fundraising market and coupled with the increasing requirements for regulatory compliance they can quickly lose their agile edge in a marketplace. On face value, cybersecurity feels like an anchor to their firm but there are incredible advantages to the start-up fund that might not be initially apparent. It’s not just…
-
Exploitation of MOVEit software demonstrates the criticality of vendor due diligence
This can be a hard truth for alternative investment managers to stomach: It’s not a matter of if you’re attacked, but when. Several investment managers learned this the painful way when a method exploiting MOVEit, a third-party file transfer software, was used to attack their firms. We know that securely transferring files between businesses can be a challenge.…
-
Subject to NFA compliance? Adopt these cybersecurity practices today
Cyber criminals target financial institutions more than almost all other industries, according to the Blackberry Global Threat Intelligence Report. Futures and commodities investors are no exception. Here’s an example. Last summer, the EvilNum hacking group specifically targeted forex trading and other alternative investment organizations in a variety of sophisticated, sustained cyber attacks. In cybersecurity speak, EvilNum…
-
7 FTC ‘safeguards rule’ changes that you need to act on now
If your head has been in the sand about the FTC Safeguards Rule that went into effect on June 9, 2023—you need to pull your head out now. Make no mistake, your alternative investment firm is required to adopt cybersecurity best practices immediately. If you fail to comply with the new ruling and fall victim…
-
Digital Operational Resilience Act (DORA): Bolster your operational resilience today across five pillars
When the Digital Operational Resilience Act (DORA) comes into effect in January 2025, it will impact 21 covered entities from investment firms to ICT third-party service providers. Is your firm ready? Now is the time to evaluate your preparedness and implement the necessary strategies to ensure compliance ahead of the deadline. Unlike previous cybersecurity regulations, GDPR and…
-
Cyber Defense Magazine: Is your firm ready for the SEC?
The proposed SEC regulations have raised the stakes for cybersecurity – how can firms ensure compliance? In this article for Cyber Defense Magazine, Drawbridge President Jason Elmer highlights “Ensuring a firm’s effective cyber posture is not an overnight process – it requires ongoing risk assessments and an actionable road map to identify existing vulnerabilities and correct for the future. With appropriate…
-
Drawbridge wins ‘Best Cyber Security Solution’ at the Private Equity Wire US Emerging Managers Awards
Drawbridge, a premier provider of cybersecurity software and solutions to the alternative investment industry, today announced it was selected ‘Best Cyber Security Service’ at the Private Equity Wire (PEW) US Emerging Managers Awards. The award celebrates excellence among emerging private equity fund managers and service providers. More than 100 General Partners (GPs) and key industry…
