Insights

CYBERSECURITY RISK ALERT: SEC Regulation S-P Risk Alert

April 16, 2019

Today, April 16, 2019, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) published a risk alert regarding compliance issues related to Regulation S-P. The focal points identified by the OCIE were the failure to provide customers with privacy and opt-out notices, as well as the failure to adopt written policies and procedures that address…

Read More

Drawbridge Partners Appoints Viktor Tadijanovic Chief Technology Officer

April 1, 2019

Renowned Technologist and Platform Creator, Viktor Tadijanovic, Joins Drawbridge Executive Leadership Team Drawbridge Partners, premier cybersecurity consulting firm specializing in the needs of hedge fund and private equity managers, has announced the appointment of Viktor Tadijanovic as Chief Technology Officer. In this role, Mr. Tadijanovic will oversee the company’s overall technology strategy and lead the…

Read More

How Private Equity Firms Can Mitigate Portfolio Company Cybersecurity Risk

March 27, 2019

Driven by investors’ demands and regulatory expectations, private equity firms have made significant progress in protecting their data. However, many of their portfolio companies don’t have those same incentives and have not put the same level of cybersecurity protections in place. In a guest article, Jason Elmer, the managing partner at Drawbridge Partners, explains how…

Read More

CYBERSECURITY RISK ALERT: GOOGLE CHROME VULNERABILITY

March 8, 2019

Recently, Google identified a zero-day vulnerability affecting Chrome internet browsers. The vulnerability is a memory management error which could allow a remote attacker to read the contents of files stored on a user’s computer. Google addressed the vulnerability in Chrome version 72.0.3626.121. Check if your Chrome browser is up-to-date:

Read More

CYBERSECURITY RISK ALERT: CISCO WEBEX VULNERABILITY

March 1, 2019

Cisco has identified a vulnerability in its Webex Meetings Desktop App and Webex Productivity Tools. By invoking the update service command with a crafted argument, an authenticated, local attacker could run arbitrary commands with SYSTEM level user privileges. The vulnerability may also be exploited remotely in Active Directory deployments by leveraging operating system remote management…

Read More

CYBERSECURITY RISK ALERT : Cisco Webex Alert

February 28, 2019

Cisco Webex Cybersecurity Alert: Cisco has identified a vulnerability in its Webex Meetings Desktop App and Webex Productivity Tools. By invoking the update service command with a crafted argument, an authenticated, local attacker could run arbitrary commands with SYSTEM level user privileges. The vulnerability may also be exploited remotely in Active Directory deployments by leveraging…

Read More

CYBERSECURITY NEWS ALERT: CFTC’s First Ever Examination Priorities

February 26, 2019

On February 12, 2019, the Commodity Futures Trading Commission’s (“CFTC”) released its first ever examination priorities for registrants of the Division of Market Oversight (“DMO”), Division of Swap Dealer & Intermediary Oversight (“DSIO”), and Division of Clearing & Risk (“DCR”). A notable inclusion in the examination priorities is service provider oversight.

Read More

CYBERSECURITY RISK ALERT: Microsoft Internet Explorer Vulnerability

February 13, 2019

Microsoft has recently identified a vulnerability (CVE-2019-0676) within Internet Explorer (“IE”). When IE improperly handles objects in memory, it is possible for an attacker to test for the presence of files on disk. Attackers can exploit this vulnerability by sending the user a link leading to a malicious website, and coercing them to follow the…

Read More

Cybersecurity News Alert: SEC Infiltration EDGAR System Hack

January 16, 2019

On Tuesday January 15th, the U.S. Securities and Exchange Commission (the “SEC”) announced that it charged nine defendants in an alleged hack of the SEC’s EDGAR system. The hackers allegedly infiltrated the SEC EDGAR system and extracted nonpublic information to use for illegal trading, ultimately profiting $4,135,015 in the process.

Read More

Cybersecurity Vulnerability Alert – Microsoft Windows

January 9, 2019

Microsoft Windows Alert: Microsoft has recently identified a vulnerability in its Windows products. The vulnerability could allow a local attacker to elevate privileges on the targeted Windows-based system. A successful attack would require user-level access and would allow the attacker to execute arbitrary code with escalated privileges and compromise the system entirely.

Read More

Nathan Ford Joins Drawbridge Partners Executive Management Team as Partner

January 8, 2019

Former Eze Castle Integration Executive Director to lead Drawbridge Partners continued expansion   Drawbridge Partners today announced that Nathan Ford has joined the cybersecurity consulting firm specializing in the needs of the financial services vertical, as Partner. In this new role, Mr. Ford will be responsible for supporting the continued growth, team build out, and…

Read More

Cybersecurity Risk Alert – NFA

January 7, 2019

The National Futures Association (“NFA”) recently amended the NFA Compliance Rules 2-9, 2-36, and 2-49: Information Systems Security Programs. The amendments address three areas originally covered in the 2016 Interpretive Notice and go into effect on April 1, 2019. The amendments are as follows: Cybersecurity Training Previously, the NFA required employee cybersecurity training upon hire and periodically…

Read More

Cybersecurity Vulnerability Alert – Cisco

December 27, 2018

Cisco Cybersecurity Alert: NOTE: This vulnerability affects Cisco ASA Software that is running on any Cisco product that has web management access enabled.

Read More

Cybersecurity News Alert – Microsoft

December 21, 2018

Microsoft Internet Explorer Alert: On Wednesday December 19th, Microsoft released a critical security update for Internet Explorer after receiving a report about a new vulnerability being used in targeted attacks. The browser’s vulnerability could allow an attacker to gain the same user rights as the current user. If that user has administrative rights, the attacker…

Read More

Cybersecurity News Alert – U.S. Securities and Exchange Commission (the “SEC”)

December 20, 2018

SEC Cybersecurity News Alert: On Thursday December 20th, the U.S. Securities and Exchange Commission (the “SEC”) released the examination priorities for 2019. The SEC has shifted their examination priorities from years past in an effort to adapt with emerging risks, but cybersecurity continues to remain a top priority for the SEC. The SEC will be…

Read More

CYBERSECURITY NEWS ALERT: December 2018

December 20, 2018

Cybersecurity News Alert December 2018: On December 20th, the Financial Industry Regulatory Authority (“FINRA”) released a report detailing the effective cybersecurity practices and common risks observed during recent examinations. The report focused on the following key areas: Branch Controls Phishing Attacks Insider Threats Penetration Testing Mobile Device Security Branch Controls: Maintaining rigorous cybersecurity controls are a…

Read More

Press Release: Drawbridge Partners Teams with CrowdStrike to Provide Industry-leading Incident Response Services to Alternative Investment Vertical

December 11, 2018

Stamford, CT – Drawbridge Partners, LLC today announced a partnership with CrowdStrike to provide incident response and proactive services within the Drawbridge Partners Cybersecurity offering. The financial services vertical is under heightened scrutiny by both investors and regulators to make sure they have a strong cybersecurity program in place. A good foundation can be built…

Read More

Nearly one-third of firms face up to 10 cyber attacks – Business Insurance

November 20, 2018

A report by U.K.-based Sapio Research found that more than 30% of local financial firms suffered up to 10 cyber attacks in the last 12 months, Finance.co.uk reported. The report found that financial firms experienced an average of five attacks apiece. Nearly half of IT executives said that small businesses do not know how to…

Read More

“Tech Talk: Drawbridge Partners” – HFM Global

October 30, 2018

HFMTechnology recently spoke with Drawbridge’s Managing Partner, Jason Elmer, who provided his insight and expertise on the exceptional benefits of providing global cyber-security practices in the Alternative Investment space. “We saw a gap in the marketplace for alternative investment managers that were looking for a cyber-security partner who was well-versed on the ins and outs…

Read More

Press Release: RootSecure Selected by Drawbridge Partners to Power Cybersecurity Consultancy

October 18, 2018

Drawbridge Partners, LLC engages in a partnership with RootSecure to power its cybersecurity services offering. The entire RootSecure portfolio will be utilized as part of the Drawbridge Partners Cybersecurity offering. With new legislation, frameworks, and guidelines being imposed on the financial industry, it’s never been more important to adopt a more diligent stance with matters of…

Read More