Art by Cinta Fosch
With risks everywhere, responsibility for cybersecurity needs to be shared across asset owners and the companies in which they invest.
In a September presentation to an asset and wealth managers event sponsored by the Alternative Investment Management Association, WTW offered an assessment of the cyber threat landscape facing the industry, where gaps and exposures may exist, and the following cyber controls asset managers and asset owners should consider.
|
Multi-Factor Authentication |
- Additional security ‘layer’
- Hackers love single-factor
- Widespread deployment
|
|
Segregation / Segmentation |
- Reducing ‘blast’ radius
- Supports response and recovery
- Physical & logical segregation
|
|
Data Security |
- Encryption at-rest and in-transit
- Data classification strategy
- Data breach response plans
|
|
Incident Response & Business Continuity |
- Assume breach philosophy
- Tried and tested > response efficacy
- Cyber crisis management
|
|
Privileged Access Management |
- ‘Keys to the Castle’
- Limit number of privileged users
- Wider access control management
|
|
Backup Strategy |
- Resumption of business operations
- Multiple formats / locations
- Restoration testing a must
|
|
Security Testing |
- Internal- / External- facing systems
- Structured program
- Use software development lifecycle principles
|
|
End of Life / Unsupported |
- Enhanced monitoring
- Segregation of environments
- Strategy for decommission
|
|
Endpoint Security |
- Endpoint Detection & Response
- Monitoring
- Remove administrator privileges
|
|
Email Security |
- Email filtering & data loss prevention
- Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication Reporting & Conformance a minimum
- Awareness training is crucial!
|
|
Patching & Updates |
- Critical patching process / timeline
- Formal change management plan
|
|
People Security |
- Multi-format training strategy
- Phishing simulation
- Assessment of cyber culture
|
Source: WTW
Related Stories:
How Private Equity Firms Can Protect ‘Treasure Trove’ From Digital Threats
Cybersecurity Investing Must Navigate Growth Slowdown
Tags: Cybersecurity, Cybersecurity Risk Management, Special Coverage: Cybersecurity, WTW
