[BreachExchange] Asset Managers and Cybersecurity Risk Management

Tue Apr 12 19:31:12 EDT 2016

http://www.natlawreview.com/article/asset-managers-and-cybersecurity-risk-management

As if 2016 wasn’t challenging enough for asset managers, the rise in
Cybersecurity risk has certainly become increasingly prevalent.  As our
industry continues to depend on digital platforms for real time processing
from everything from data storage to clearing, asset managers must realize
that the threat of a security breach is no longer just about “stealing” but
more about destruction and disruption.  According to market data, in 2015,
our industry suffered well above a 100 percent increase in cyber attacks
and worse yet, 98 percent of current web applications are “breachable.”  If
we are in fact destined to become an industry with compounded digital
platforms, the ability to manage Cybersecurity risk on a fund and third
party service provider level is significantly diminished.

Here are some helpful tips for asset managers:

- Focus on what is your most valuable asset.  Everyone appears to have a
very different view on what this is;

- Understand your infrastructure, where the assets are kept, who has access
to it, and how you are sharing data or transferring assets;

- Train your team and encourage them to report any suspicious emails or
glitches.  Cyber attacks are reportedly happening faster.  One email is
enough to permit Malware.  Once access to your computer is achieved, the
entire database is at risk.  Take the time to train your team with a simple
practical set of risks and action plans.  Carefully consider the best
training program for your team since lengthy on-screen tutorials may not be
the best approach for group’s with access to sensitive data since people
are more likely to click to the end without retaining much of the
information;

- Hire outside counsel with an expertise in this area.  Your outside
counsel will advise you on current regulation, case law and
sanctions/fines.  Furthermore, your outside counsel will guide you in
creating an appropriate set of procedures.  In the event of a breach, your
lawyers will assist you in managing the process and dealing with your
investors, the FBI and regulators.  Reputational risk may be the least of
your worries;

- Cybersecurity is a major threat.  Don’t become complacent. Regulators
will expect actual policies and procedures and investors will invest their
capital with asset managers who are taking the protection of their data and
assets seriously;

- Hire the experts to assist you in creating an action plan.  Something as
simple as a secure communication tool or multi-factor authentication
program can make the difference.  Use layered protection because one
program may not protect you as we continue to compound digital platforms on
the asset manager and third party provider levels.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160412/c04a57dd/attachment-0001.html>