Private equity fund managers have voiced cybersecurity as a growing threat to their business and supply chain risk. New technology solutions were launched this week tailored specifically for monitoring PE portfolio companies.
Against a barrage of data breaches and ransomware demands, evermore brazenly coordinated, private equity funds are receiving new technology tools to help combat the problem.
Cybersecurity provider Drawbridge has added a new module to its cyber-risk platform specifically designed for private equity funds, giving them real-time oversight in a single view to manage their portfolio companies' cyber threats.
The group says it is the first-of-a-kind offering for the industry, developed alongside clients who have been at the sharp end of rising attacks on their portfolio companies, both in size and frequency.
The landmark attack by suspected Russian state actors on SolarWinds' infrastructure is just one example of the growing exposure of firms to software supply chain attacks.
SolarWinds produces a network and applications monitoring platform called Orion and counts some of the largest US telecoms and accounting firms, the US Military and government departments among its clients. The breach understandably landed it in hot water and the firm is in the middle of a class-action lawsuit.
The lawsuit was expanded last week to add, as defendants, the private equity firms who owned SolarWinds at the time it was compromised. Reportedly, the suit suggests that the PE firms were "central" to the lack of cybersecurity investment that led to the hack. It should also be noted that experts have continued to marvel at the level of sophistication the hackers used.
Supply chain ransomware attacks represent a broader trend where cyber criminals can exploit multiple organizations in a single breach. Ransomware demands, as the name suggests, hold companies hostage to pay criminals to restore stolen data. Many corporates would rather not disclose how much.
Needless to say, these kinds of assaults on businesses are the most concerning for experts - up by more than 40 per cent year-on-year in the US.
In April the Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) released important guidelines under the title “Defending Against Software Supply Chain Attacks.” NIST, in particular, has drilled down on what practical steps businesses can take.
The new cyber module from Drawbridge is offered to private equity funds as a managed service and enables them to report risks at the general partner and portfolio company level.
“Our private equity clients told us they needed to be able to monitor and receive comprehensive, real-time information on their portfolio companies’ risk posture and minimize cyber incidents that could inhibit their portfolio company’s growth,” Jason Elmer, founder and chief executive of Drawbridge said.
Drawbridge has been adding services since receiving fresh capital from Long Ridge Partners earlier this year. The firm, based in New York, with several offices across the US and one in London, is part of a growing raft of cybersecurity providers that are becoming indispensable to financial services.