Critical Cyber Controls

What are the key controls and processes for supporting effective cybersecurity in asset management?

Art by Cinta Fosch


With risks everywhere, responsibility for cybersecurity needs to be shared across asset owners and the companies in which they invest.

In a September presentation to an asset and wealth managers event sponsored by the Alternative Investment Management Association, WTW offered an assessment of the cyber threat landscape facing the industry, where gaps and exposures may exist, and the following cyber controls asset managers and asset owners should consider.

 

Multi-Factor Authentication
  • Additional security ‘layer’
  • Hackers love single-factor
  • Widespread deployment
Segregation / Segmentation
  • Reducing ‘blast’ radius
  • Supports response and recovery
  • Physical & logical segregation
Data Security
  • Encryption at-rest and in-transit
  • Data classification strategy
  • Data breach response plans
Incident Response & Business Continuity
  • Assume breach philosophy
  • Tried and tested > response efficacy
  • Cyber crisis management
Privileged Access Management
  • ‘Keys to the Castle’
  • Limit number of privileged users
  • Wider access control management
Backup Strategy
  • Resumption of business operations
  • Multiple formats / locations
  • Restoration testing a must
Security Testing
  • Internal- / External- facing systems
  • Structured program
  • Use software development lifecycle principles
End of Life / Unsupported
  • Enhanced monitoring
  • Segregation of environments
  • Strategy for decommission
Endpoint Security
  • Endpoint Detection & Response
  • Monitoring
  • Remove administrator privileges
Email Security
  • Email filtering & data loss prevention
  • Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication Reporting & Conformance a minimum
  • Awareness training is crucial!
Patching & Updates
  • Critical patching process / timeline
  • Formal change management plan
People Security
  • Multi-format training strategy
  • Phishing simulation
  • Assessment of cyber culture

Source: WTW

Related Stories:

How Private Equity Firms Can Protect ‘Treasure Trove’ From Digital Threats

Cybersecurity Investing Must Navigate Growth Slowdown

Want the latest institutional investment industry
news and insights? Sign up for CIO newsletters.

Tags: , , ,

«