APAC CIOOutlook

    Risk Assessment Keeping Cyber Bully Away

    Paul Ernst, CIO, Sandler Capital Management


    “Two roads diverged in a wood, I took the one less travelled by, and that has made all the difference.” – Robert Frost

    This sounds like a great way to mitigate risk in some instances, but in today’s advanced, technology-driven capital markets, it’s all about who gets there first. Every day, companies invest capital into their network infrastructure to ensure that they receive real-time information and best execution on their trades, perhaps just nanoseconds faster than their peers. While the goal for many firms is to build the ultimate shortcut, we can’t cut corners when it comes to security. As CIOs and CTOs, our goal is to ultimately reduce the risk profile of our companies.

    Risk Assessment

    The risk assessment is the all-encompassing identification of risk across the enterprise, and the subsequent determination of an acceptable level. While companies use different methodologies when performing an assessment, it is generally a combination of the following:

    - Policy development and review
    - Gap analysis
    - Security assessment and penetration testing
    - Vendor assessment and due diligence
    - Employee awareness and training

    Large companies will likely have an internal team to handle this, but for many of us in the hedge fund space, I find it best to engage a third party to perform the risk assessment. There are a number of excellent firms that provide this service, and while not cheap, I am very comfortable spending the money to have an expert with an objective eye to analyze my operations and make the appropriate recommendations.

    While you may have solid policies already in place, validation is crucial. One misstep can throw off an entire incident response plan, or perhaps, you might be missing a critical element of a vendor assessment. Firms have been made increasingly aware that they are still responsible for investors’ data even if it resides with a third party. As the trend of enhanced scrutiny by investors and regulatory agencies will undoubtedly increase, a formal independent risk assessment is more likely to become a requirement at some point, rather than an option.

    Perimeter and Endpoint Protection

    Tune into any mainstream news media outlet on a given day, and you will almost certainly encounter a number of headlines regarding massive company data breaches, nation-state hacking and reports of new ransomware variants. As these cyber attacks continue to escalate, so do our security budgets.

    Financial companies need to implement a scalable security solution that not only protects the perimeter, but also propagates down to every last endpoint. This list is by no means exhaustive, but a hybrid of next-generation firewalls, intrusion detection/prevention (there are some excellent third-party SOCs for smaller to mid-sized companies that don’t staff their own), multi-factor authentication, encryption, patch management, backup, web filtering, unified mail security products as well as endpoint access and control platforms should all be deployed throughout the organization.

    Employee Awareness/Training

    The adage may be a tired one, but none is truer than ‘your employees are your biggest threat’. While deliberate acts by an employee are cause for concern, those aren’t the ones that keep me up at night. It’s the other ones. It’s the ones where employees open email attachments from unknown senders and click links in emails supposedly from UPS and FedEx. It’s the untrained ones.

    In my opinion, it’s not an accurate or comprehensive risk assessment unless it involves thorough and continuous employee awareness and training. While the format should be highly tailored to the company size and culture, general training sessions should be held regularly. As new threats evolve, so should employee awareness.

    One highly effective component of security awareness is phishing and social engineering tests. Prior to a seminar, run a phishing campaign and share the results with the attendees. There’s no benefit to individually calling anyone out in public, but be assured that this is one area that will command their attention, so embrace it. After the meeting, run another campaign. And in a month, run another campaign. Of course, this is pointless if you don’t then train those employees based on their results. Statistics have shown a very high success rate for training with this method.

    Educate Yourself

    “I am always doing that which I cannot do, in order that I may learn how to do it.” – Pablo Picasso

    While the first three topics are fairly common across the industry, I seldom see this final one in this context. Every so often, I like to take a step back and take a look at my own performance; let’s call this my own personal gap analysis, if you will. In our industry, it is absolutely essential to realize the threats that we face or else we have no chance of stopping them.

    Granted, I don’t have the time to keep up to date with every technology in every publication, but what I have found to be incredibly beneficial is peer networking. I’ve come across a wealth of instantly actionable information just by joining peer groups and attending industry events.

    Finally, while I simply don’t have the bandwidth to address all of the sales pitches that are sent my way, I do find value in building meaningful relationships with a handful of vendors and integrators. I consider them to be a great source of knowledge on today’s security trends and products, and they are always anxious to educate me. So don’t be afraid to return that sales call. You might be surprised.

    Sandler Capital Management is involved in the asset management business, which includes $830 million within its hedge fund portfolios. Since 1980, the company has operated from its headquarters in New York, U.S.
