Cyber crime is on the increase and Fund Managers are prime targets
The SEC, European Union and the Information Commissioner are all hardening their view on Regulated firms Information and cyber security
in fact the head of the FCA (at the time), Martin Wheatley, said in a speech in June 2014 “Finally, a word on some of the tech-risks we’re facing that seem to bring little or no upside… – probably the most pressing issue – cyber-crime.”
There are several bodies who have real power in the Financial Advice marketplace. Let’s look at the runners and riders.
|The European Union||Financial Conduct Authority||Information Commissioner||SEC & CFTC|
|Click here to find out more||Click here to find out more||Click Here to find out more||Click Here to find out more|
|Fines – 2% of Turnover or Up to €1,000,000||Enforcement Action||Fines – Up to £500,000||Enforcement Action|
IP Sentinel Services
IP Sentinel offers a range of services to improve a Regulated Entities Information and Cyber Security
Centralized Log Management
The single best way to improve the day to day security posture of an organisation is to have a centralised collection point for all log data. This allows administrators a holistic view of their environment. This view presents an overview of user activity that can be base lined and monitored against.
Security Posture Analysis provides a point-in-time assessment of the risk posed to an organization by vulnerabilities present in the organization’s process, network, systems and physical security controls. The service defines the extent to which identified vulnerabilities can be utilized to achieve unauthorized access to the Firms systems. The service comprises various activities including process assessment, vulnerability discovery, regulatory assessment, forensic readiness assessment and penetration testing
IP Sentinel will assess a firms Information and cyber security to the specific regulatory regime in place. The assessment will provide process or systems enhancements that will be required to satisfy the appropriate regulator.
Most information leakage is a when-not-if event. As Firms accept that a hard outer shell and a soft center is no longer appropriate to today’s information threat the strategy changes from locking out the bad guy to working out what the bad guy has done. The IP Sentinel Forensic readiness service creates a policy framework and virtual sand traps in a firms environment so that if the worst happens a firm will know what is missing and how it happened.
Part of keeping safe is working out, in as benign way as possible, where any vulnerabilities lie. IP Sentinel have deep experience in penetration testing within Fund Managers and Other regulated entities. One of our engagements was to break into a Hedge Fund and perform a trade on their FIX network. This was duly accomplished and the firm has now implemented tighter controls and various virtual sand traps.