In today's fast-paced financial landscape, where data is the new currency, Private Equity (PE) firms are standing at a crucial crossroads—juggling the demands of innovation while safeguarding their digital assets. With cyber threats growing more sophisticated, PE firms face the challenging task of finding equilibrium. We spoke to Nigel Diesveld, CFO at pan-European private equity HPE Growth and a featured speaker at our upcoming Zero One Hundred Conferences webinar, "How to Secure Data and Protect Investors," scheduled for Wednesday, October 11th, at 4:30 PM CEST. In this interview, we dive into the pressing cybersecurity concerns affecting investors and explore strategies to mitigate these risks.
What new risks and cybersecurity challenges are currently impacting private equity funds?
Private equity funds, like other financial institutions, face a growing number of cybersecurity risks and challenges. This includes phishing attacks, ransomware, and data breaches. Especially regarding phishing e-mails, we see the number of attempts going up significantly. The e-mails we receive are getting much more sophisticated. One of the reasons is that hackers make use of AI. ChatGPT serves well to quickly create template phishing e-mails and to check on grammar. This enables hackers to send out much more (reliable looking) phishing e-mails.
Also working remotely has increased cybersecurity risks and challenges. Typically home offices are less secure compared to an office environment: Limited password complexity is required on your home wi-fi, less robust firewall, etc. Especially logging into public wi-fi increases the risk of getting hacked.
What can Private Equity firms do to prevent these threats?
Phishing e-mails
A quick win is enabling MFA. Even if a hacker comprises log-in details, with MFA it’s still quite difficult to get into the system.
Another quick win is enabling First Contact Safety Tip (from Windows). It shows when you receive an e-mail from someone you normally don’t receive e-mails from. That helps you recognize someone that pretends to be someone you know.
People are easier to hack than systems, therefore keep on investing in awareness training. “Think before you click.” Explain the risks of phishing, recognizing phishing attempts, etc.
Employees should directly file the phishing e-mail to ‘junk’ to avoid receiving it again.
Working remote
Enhance remote work security measures, including secure VPNs, encrypted communication, and device management for remote employees. In addition, educate employees on remote work security practices.
How should PE firms balance digital innovation with effective cybersecurity?
I think both are about equally as important for PE firms. It is needed to be innovative to stay ahead of the competition while at the same, time it’s crucial for a PE firm to protect its assets and to protect sensitive data. Therefore, balancing the 2 is an ongoing process.
When considering kicking off a digital innovation project, it’s important to balance the benefits versus the security risks. Therefore, it’s important to involve IT / IT security experts early in the process to assess and address security implications.
The focus should be around data. Will it be stored at the third-party vendor? And is the vendor able to provide assurance regarding the security of their services?
Don’t forget that digital innovation definitely also has an opportunity to make your cybersecurity more effective! AI/ML for example can analyze large amounts of data to detect patterns that are indicative of cyber threats.
Nigel Diesveld, will be speaker at the Zero One Hundred Conferences webinar "How to Secure Data and Protect Investors" with other top industry speakers such as Paul Harragan, Portfolio's Global Cybersecurity Lead at KKR, Julia Dudenko, CISO at Haniel, and Thomas Baasnes, Cybersecurity Director at Verdane. The event will be moderated by Paul Loefstedt, Principal Solutions Consultant at SS&C Intralinks.
The online event will be held on Wednesday, October 11th, at 4:30 PM CEST.
Free registration here
