Focus on Funds: Insights on Managing Third Parties and Cyberthreats
Insights on Managing Third Parties and Cyberthreats
There are many ways asset managers can ensure that their third-party vendors are adopting strong cybersecurity practices. The August 26, 2016, edition of Focus on Funds details some key takeaways from a panel discussion at ICI’s recent Global Cybersecurity Conference in London.
Transcript
Stephanie Ortbals-Tibbs, Director, ICI Media Relations: In the asset management industry, third-party vendors are fundamental to how we do business. How should the risks—particularly the cybersecurity risks that can come with using vendors—be managed? At ICI Global’s latest Cybersecurity Conference, we got some fresh advice.
Matthew Martindale, Director, KPMG: What you really want to focus on are the vendors that provide critical business services to you and also have your crown jewel information assets. These could be the vendors that you’re sharing this information with to process on your behalf or maybe the vendors that have access to your networks and systems. Once you understand who they are, then those are the ones you really need to focus your efforts on. When you go and talk to these organizations, what you’re really looking for is to get some comfort and assurance that they’re managing your data and assets in a way that is in line with your own policies and risk appetite. There are a number of frameworks you can use to enable this discussion. One that’s getting a lot of traction at the moment is the NIST [National Institute of Standards and Technology] cybersecurity framework, which is coming out of the U.S. It’s being adopted now quite broadly in the UK and more across Europe. This involves asking your supplies to share with you how they’re identifying, protecting, detecting, responding, and recovering from cybersecurity attacks. Now this is a really holistic approach to cybersecurity, not just “we’re going to invest in some technology” or “we’re going to train our people.” It’s really understanding the risk in its broadest sense.
Additional Resources
- ICI Information Security Resource Center
- ICI Viewpoints: Cybersecurity at Work: The Benefits of Information Sharing Networks
- ICI Viewpoints: Cybersecurity at Work: Exercise Is Important
- ICI Viewpoints: Cybersecurity at Work: Incident Response Plans and What They Entail
- ICI Viewpoints: Cybersecurity at Work: Creating Passwords That Are More Secure
- Video: Learn the Latest Emerging Cyberthreats
- Video: With Cyberthreats, Preparation and a Quick Response Are Key