Annual Penetration Testing is a mission-critical component of your cybersecurity compliance program. As an industry leader in PenTesting, everyone on the BW Cyber Services team has performed security work for the U.S. government and been granted a government security clearance. We use the same tools and techniques as the organized crime rings and foreign entities who are actively targeting asset managers to steal your data or effect a wire fraud against you or your investors.
If you have not conducted an annual Penetration Test this year, we recommend making it a top priority.
Talk with a Security Expert
Why Penetration Testing is Mission Critical
On August 7, 2017, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released a risk alert (the “Risk Alert”) summarizing observations from the second round of cybersecurity sweep examinations on 75 SEC registered investment firms. Most notably, the Risk Alert states that firms would benefit from considering such elements:
Detailed cybersecurity-related instructions regarding items such as Penetration Testing, security monitoring and system auditing, access rights, and reporting – OCIE provided specific examples of how instructions were given with respect to penetration tests, security monitoring and system auditing, access rights and reporting.
Maintenance of prescriptive schedules and processes for testing data integrity and vulnerabilities – Vulnerability scans of core IT infrastructure were required with prioritized action items for any identified concerns and patch management policies.
Penetration Testing Process
Discover
Through external and internal tests, we simulate real world attacks and use the same techniques and tools as attackers to identify security vulnerabilities.
Reporting
In-depth reporting will include prioritized, tactical and strategic recommendations to address internal and external issues.
Resolve
Working with your IT staff or IT MSP, we ensure all vulnerabilities identified are clearly understood and agreed upon to resolve those vulnerabilities.
