Avoiding the DIY route to cybersecurity
RFA: Best Cyber-Security Service Provider – With the emergence of public cloud services from vendors like AWS and Azure, fund managers may be tempted to take a do-it-yourself approach to technology and cybersecurity systems. However, service providers warn against this tactic as managers may find themselves exposed to risk they would have neither intended nor foreseen.
George Ralph (pictured) managing director at RFA explains: “Everything is available at the click of a button. However, there are risks associated with deploying new services that haven’t been properly configured to ensure appropriate levels of security. I’d urge clients to engage a specialist to support them with their cloud deployments.”
Rather than saving cost in this area, Ralph suggests managers implement technology to automate key tasks and workflows. These can help reduce the number of back office staff and maintain a lean headcount.
Looking ahead, Ralph expects to see a greater focus on technology risk management among clients: “Really understanding the level of risk using risk assessments and planning for mitigations is going to be critical this year. The cost of not managing risk is too high for firms in this sector; fines from the regulators, the information commissioner, loss of investor trust and possible lost investment, reputational damage and actual lost earnings while systems malfunction or are breached. With data as the new currency, our clients cannot afford to take any risks.”
There have been increased demands from regulators to meet compliance requirements, which has been placing additional burden on clients. In response, the firm developed a compliance tool called Compliance Park. This is a workflow tool and secure document vault that clients can use to prompt them for key reports, compliance deadlines and actions.
Ralph also notes the firm has seen a significant increase in operational due diligence queries: “Investors are increasingly scrutinising technology, information security, supply chains, outsource partners and service partners. Many managers don’t have the resources to respond quickly and fully to every request. We have developed templates that can be easily completed and provide all the relevant information about technology and information security that investors are looking for.”
Although analysis of technology by managers is on the rise, Ralph highlights: “We are still seeing gaps in IT and cybersecurity skills among our clients, which is driving the need for outsourcing to specialists like RFA. This is driving our IT Service Management business and demand for virtual CTO services, which continue to be popular. Furthermore, headcount is still an issue for many managers, so outsourcing operations like IT is the most viable option for many.”
Further, as development in the field of artificial intelligence and machine learning continues, RFA has also developed its own AI and machine learning driven cybersecurity tool. Ralph comments: “We evaluated the vendors we were using in our data centres and felt we could do it better, so built our own tool. We now have a robust cyber prevention tool that meets the needs of our increasingly mobile centric client base. It includes end point data aggregators for disparate user bases, and secures mobile devices, office locations or home locations. We use AI and machine learning to identify and predict exceptions, which our team analyses and takes appropriate action.”
Managing Director, RFA
George Ralph CITP, has successfully founded three technology firms along with C-level advisory services include M&A to numerous firms. George is a true leader and has been managing teams internationally, and leading technology transformation projects for over 20 years. A certified GDPR, Cyber assessor, Auditor, Architect and widely experienced cybersecurity and RegTech professional, George has extensive technical experience in network and server architecture, large scale migrations utilising leading technology brands, and IaaS offerings.