Security is no longer merely a technical department issue; it has grown to be a major issue for investment firms and their portfolio companies.
Cyber-threats are getting more powerful, and GPs are realizing that they need more strong security measures that go beyond standard IT options, according to listeners at Private Funds CFO‘s annual CFOs Forum in NY.
New domains of danger
” What was once seen as an IT problem is now a business-wide problem, and this transition is impacting everyone, especially with all the offshoring happening”, said the CFO of a Pa firm that focuses on the food and agribusiness sector.
More firms are thinking carefully about security. Companies are not only concerned with protecting their inner systems, but also with presenting themselves as safe to potential investors.
The environment is now more complicated because businesses must manage both their own cybersecurity risks and those of their service providers as a result of outsourcing.
” When you outsource, the risks don’t just keep within your own business, they extend to the partners you work with. But, it’s not just about managing your personal security dangers, but also those of your service providers. There are many different levels to this, and it’s crucial to comprehend every detail,” the PE CFO for food and agriculture said.
Challenges evolve
Hackers are getting smarter, thus cyber-risks are changing. Imitation attacks are becoming more frequent, particularly when businesses announce new investments. Additionally, attackers are no longer only sending poorly written hacking messages. They are creating very convincing fake communications using AI and thorough research.
” These were once simple to place, like a strangely worded message or a cautious domain,” said one CFO expert. However, with the development of AI, attackers can now thoroughly research a company’s operations and produce much more compelling fake communications. It’s not as easy to detect again”.
One IT firm director of cybersecurity training concurred and said,” People can then mimic voices and attempt to elicit false wire transfers.” Therefore, you must have procedures and policies in place to teach employees how to handle this kind of a situation.
Especially easy targets for businesses with weaker security programs are those with weaker security programs. When hackers gain entry, they can evade paying bills or steal sensitive data.
The CFO of a worldwide PE firm said,” Attackers are getting better at portraying someone at the agency, and they use this faith to gain access to sensitive information or persuade people to take steps they wouldn’t usually do.”
How businesses are handling digital risks
The CFO New York event attendees all agreed that Pa companies are addressing this by adopting complete security systems. The security model from the National Institute of Standards and Technology is a well-liked choice. It provides businesses with a clear framework for assessing and managing security risks.
Additionally, businesses have established data protection committees and regularly assess threats.
” Attackers are getting better at impersonating someone at the agency, and they use this trust to gain access to sensitive information or persuade others to do things they wouldn’t normally would.”
CFO, world PE firm
” We do a baseline judgment, which ties up to this model, and evaluate the risks inside the company. Then we employ outside experts to conduct insertion tests, according to the world PE firm’s CFO.
Instead of completing one large security assessment per year, more companies are conducting continuous assessments. To keep their groups on top, Pa companies are running phishing simulations and security awareness programs. New employees undergo stringent safety training to make sure they are prepared from day one.
Some cash take a simpler, top-down approach to security, such as requiring everyone at the company to use one sign-on and encrypted laptops, and offshoring security to third-party providers.
” Rather than over-engineering things, they chose a more streamlined method. It’s a quick way to roll something out, though it’s not as comprehensive”, the CFO of a global PE firm said.
Cyber insurance
Surprisingly, a lot of companies do not have cyber insurance, or their policies have expired. ” I’ve always pushed for insurance, and it costs nothing for protection”, a food and agribusiness PE CFO said.
Insurance policies must be carefully reviewed to ensure they adequately cover common threats.
According to the CISO of a cybersecurity provider,” Some insurers only cover industries like crypto or cannabis, so firms need to read the fine print and make wise decisions when selecting providers.”
‘ White hat’ AI
General practitioners are developing AI usage policies with concise instructions on data security because it may supercharge threats. Some businesses are beginning small by testing AI solutions with a select group of users before distributing them more widely.
However, PE companies are also utilizing AI to boost security measures and detect fraud.
Although its usefulness as a safeguard is unknown, this new technology may actually help to neutralize the threats brought on by other applications of it. For now, the threats from AI seem to be multiplying faster than the solutions, but then again, GPs will always have to be on guard, and a hacker only needs to get lucky once.
The cybersecurity panel referenced in this article was held on background, so quotes cannot be attributed