Thu, Oct 28, 2021
A A A
Welcome Guest
Free Trial RSS
Get FREE trial access to our award winning publications
Private Equity Strategies

Why private equity firms are at risk of cyber-attacks

Friday, September 29, 2017

By: Steve Schoener, Chief Technology Officer, Eze Castle Integration

Threats to private equity firms continue to grow both in scope and sophistication, meaning cyber strategies and practices require equally complex and progressive thought. Particularly for firms with limited (or nonexistent) security resources, it can be a daunting task to stay on top of the new and evolving risks at hand. But meticulous attention needs to be employed to mitigate these ongoing threats.

Today’s hackers and cyber criminals are not only targeting IT systems, but humans as well. Attacks vary in target, size and motive, but all pose serious risks to a firm’s wellbeing, thus it’s vital to be aware of common threat types targeting the private equity community. Threats to be mindful of include:

  • Malware/ransomware: Virtual cyber threats impacting firm systems and networks often taking advantage of system flaws, legacy technology and/or insufficient cyber protections

      Social engineering: Deceptive scams, e.g. phishing, intended to manipulate users into divulging confidential data or leaving open a gateway to said information

    • Insider threats: Unintentional or malicious activity on the part of a firm’s employee resulting in leaked, stolen or compromised information

    Unfortunately, once hackers gain access to your network or data, there is a lot that they can do to wreak havoc for private equity firms. In fact, with their roguish hands on the right information, the consequences can be downright destructive for a firm’s business operations and integrity.

    • With stolen passwords and login credentials, hackers can gain access to company systems and networks – not an insignificant feat.

    • Inside your email, a hacker can access, send and delete communications at will, potentially intercepting company sensitive material, financial data or personal details they can use to further infiltrate networks.

    • Hackers can decipher corporate hierarchies and send phishing emails to CFOs, for example, requesting fund transfers to provided bank account numbers.

    • A stolen or shared password could also unlock access to a firm’s CRM or accounting system, which may contain customer and potential customer information (company and personal), financials, investor analysis, sales forecasting data, etc.

    • With their hands on deal flow or portfolio acquisition information, there’s a chance hackers could disrupt M&As or deal agreements or leak company material in advance of confidential negotiations.

    To gain a comprehensive understanding of your security posture, private equity firms should conduct a thorough risk assessment on a regular basis. Risk assessments can take many forms (technical, regulatory, etc.) and should be conducted broadly to ultimately provide firms with a roadmap that identifies risks and provides guidance on future security initiatives. What should those initiatives include?

    Private equity firms may consider exploring industry frameworks to design comprehensive cyber programs. For example, the National Institute of Standards in Technology (NIST), focuses on building layers of security across an organization. Their primary layers – Identify, Protect, Detect, Respond and Recover – assist firms in mapping specific strategies and safeguards to ensure a comprehensive security program is designed to mitigate risk. Following are a few examples of strategies and protections firms can employ to thwart cyber-attacks:

    IDENTIFY: Risk assessments, network inventory audits

    PROTECT: Access control, security awareness training, email and endpoint security, patch management, phishing simulations, encryption

    DETECT: Intrusion detection/prevention, vulnerability assessments

    RESPOND: Incident response, remediation

    RECOVER: Backup services, disaster recovery

    Mitigating Third Party Risk

    Many private equity firms simply don’t have the necessary technical resources in-house to manage technology and security – hence, outsourcing. Outsourcing all or portions of technology and cybersecurity responsibilities to a managed service provider provides many advantages. And while relying outsourcing is a welcome relief for many firms, it does not absolve them of their responsibility to manage their own firm’s risk. In fact, on top of managing your own risk, outsourcing means also managing the risk associated with your vendors and service providers.

    A few key reminders on vendor due diligence and risk management:

    • Understand who your outsourced providers are, what functions they provide and what data/systems they have access to

    • Consider sending requests for proposals (RFPs) and DDQ documentation requests to any third parties you are evaluating and review engaged third parties annually

    • Continuously evaluate and monitor to ensure all parties are achieving their end goals and meeting expectations

    • Understand Service Level Agreements (SLAs), contractual loopholes and any third party operational practices that may affect migration plans or your firm’s security standing in the short and long-term

 
This article was published in Opalesque's Private Equity Strategies our monthly research update on the global private equity landscape including all sectors and market caps.
Private Equity Strategies
Private Equity Strategies
Private Equity Strategies


Today's Exclusives Today's Other Voices More Exclusives
Previous Opalesque Exclusives                                  
More Other Voices
Previous Other Voices                                               
Access Alternative Market Briefing


  • Top Forwarded
  • Top Tracked
  • Top Searched
  1. Institutional Investors: Vanderbilt University endowment records 57.1% return for fiscal year, MIT endowment logs 55.5% return for latest fiscal year, AP1 re-tenders $720m emerging markets small-cap mandate, Harvard, world's wealthiest university, sees endowment soar to $53.2bn, San Francisco shifts passive equity mandate to active BlackRock ESG strategy[more]

    Vanderbilt University endowment records 57.1% return for fiscal year From PIonline.com: Vanderbilt University's endowment returned a net 57.1% in the fiscal year ended June 30, according to a financial report on the Nashville, Tenn.-based university. The report did not provide benchma

  2. New Launches: Massar Capital launches new global discretionary strategy, White Oak closes latest direct lending fund at $1.3bn, Aterian replicates speedy fundraise to collect $830m in nine weeks, Sofinnova holds $548m final close for Capital X, Multicoin Capital targets $250m for third crypto VC fund, Tobam launches French bitcoin and blockchain fund[more]

    Massar Capital launches new global discretionary strategy Massar Capital Management has launched a new discretionary macro hedge fund strategy which aims to capitalize on directional trading opportunities across a broad set of global markets. The Massar Macro Directional is the N

  3. How Viking Global became the hedge-fund industry's hottest launch pad[more]

    From Business Insider: Since Dan Sundheim's massively successful launch of D1 Capital in 2018, there have been six more spinoffs from Viking Global that have collectively raised billions - and at least one more is in the works. Among them: Grant Wonders, 31, who launched Voyager Global this ye

  4. PE/VC: Moody's warns of 'systemic risks' in private credit industry, Sequoia to restructure itself away from traditional VC model, Modeling private equity market beta, VC investors pour money into Chinese start-ups despite regulatory crackdown[more]

    Moody's warns of 'systemic risks' in private credit industry From FT: The burgeoning private credit industry of lending to buyout groups has grown to about $1tn, but opacity, eroding standards and the difficulty in trading these slices of debt pose "systemic risks", according to rating

  5. PE/VC: Private equity M&A frenzy has cautious undertones, Venture capital exit values soar, Private equity and venture capital drove outsized returns at Bowdoin, Harvard, and the University of Pennsylvania, Private equity tops explosive tech growth as returns rocket[more]

    Private equity M&A frenzy has cautious undertones From Reuters: Private equity dealmakers are in two minds. Buyout barons, led by titans like Blackstone boss Steve Schwarzman, are on track for a record year for takeovers. Yet they're also offloading companies at a much faster pace than