In an interview with CIO Applications Magazine, O’Connor, who is the company’s managing partner, discusses various security measures that organizations can undertake to ensure a threat-free, secure online ecosystem.
How do you help clients mitigate risks in this ever-evolving digital world?
Observing the increasing number of cyberattacks, we have developed a robust cybersecurity program and divided it into two parts. The first one is ‘outsourced IT’ for our clients, wherein we act as their internal IT team. Our quick-start template and methodology provide expert evaluation of cybersecurity risks and efficient implementation of cybersecurity solutions. Having expertise in cybersecurity best practices for investment firms, we conduct SEC and NIST cybersecurity framework gap analysis that includes vulnerability and penetration testing, development and maintenance of cybersecurity policies, infrastructure, and cloud-based employee security awareness training and compliance. For our outsourced IT clients, we act as their Chief Information Security Officer.
The second element of cybersecurity services is for the portfolio companies of our private equity clients. We review the policies, procedures, and infrastructure of the portfolio companies, and identify opportunities to improve by adopting security best practices with the goal of reducing their cybersecurity risk. As an example, we had a client who had a group of 25 portfolio companies with approximately 25 thousand employees. We reviewed each company, assessed their policies and security protocols on several factors of cybersecurity, and provided a detailed report to the private equity company.
What are the security measures that you have taken to reduce the cybersecurity risk of your clients?
Recent statistics highlight that 90 percent of cybersecurity threats come in through targeted emails, and about 9 percent come in through system vulnerabilities, malicious employee activity, among others. To protect your company from such threats, it is essential to have multiple layers of cybersecurity. The first layer is a cloud email security system such as Mimecast that blocks 90 to 93 percent of the potential email threats. We also recommend that multifactor authentication be enabled for all remote access and cloud applications. This is 99.9 effective against account hijacking attempts. Additionally, we recommend a multi-vendor and multi-tactic endpoint security protection mechanism that includes anomaly-based protection and a 24x7 security operations center to significantly reduce the risk of malware and ransomware.
As the second layer of defense, we suggest that all the employees have to be trained to tackle cybersecurity challenges. To achieve this goal, we have partnered with KnowBe4—the world’s largest security awareness training and simulated phishing platform. KnowBe4 provides video-based cybersecurity training. Our goal here is to ensure the training of every client employee.
Apart from training, performing random phishing testing on a frequent basis is essential. We typically see a 30% initial click-through rate at organizations that have not trained their users in the risks of cybersecurity. After implementing a program of quarterly online training and random testing, this drops by 50% each quarter before stabilizing at around a 2% click-through in the 2nd year of training.
In this cutthroat competitive scenario, what makes you stay ahead of the pack?
One of the qualities that distinguish us from the crowd is our focus on developing IT best practices for the asset management vertical, and the fact that we are a Microsoft Cloud Solution Provider. We leverage our role as a Microsoft Cloud Solution Provider to help clients drive new business value through the cloud with high-value offerings that optimize the benefits of cloud computing. We are also able to add value by bundling IT solutions leveraging industry-leading Microsoft products like Windows, Office 365, and Azure to deliver secure, reliable, and cost-effective cloud architectures for our clients. Having a closer technical partnership with Microsoft allows us to collaborate on more complex cloud and hybrid solutions. The partnership includes ongoing technical training and certifications to improve our employees’ knowledge of Microsoft products so that we can help our clients take advantage of market shifts to cloud-based solutions to drive their growth and profitability.