fbpx

Battle-Tested

Veterans in cybersecurity share strategies and insights

That innocent-looking email might actually be the start of a phishing trip that leads to a cyberattack. Financial services companies that face the risk of multimillion losses, and perhaps even going out of business, are on the front line these days.

SFBW sought insight on how to fight back at its first Cybersecurity After Hours Event for specialty fund managers and senior executives at the Polo Club of Boca Raton. Panelists:

Erik Kellogg, founder & CEO of inCyber Security, a Chicago-based company that provides cybersecurity services for the financial industry.

Sal Orofino, principal of Orofino Law Group, a Miami Beach firm that advises clients on content, technology and commerce, including cyber and data privacy.

Mark Renz, chief investment officer of Socius Family Office of Fort Lauderdale, which helps advisers implement long-term wealth strategies for clients.

Alan M. Porten, senior territory manager southeast of eSentire, a multinational company that helps mid-cap companies protect against cyberthreats.

The following transcript has been edited for clarity and brevity.

Many executives say the threat of cyberattacks keeps them up at night. How do you help clients sleep better?

Renz: There’s a movement among independent financial advisers to use a lot of third-party platforms with data moving between platforms. There are a lot of passwords. We look at how we organize that and what information we access. Most smaller firms, sub $1 billion, don’t have a cybersecurity policy.

At a prior firm, we had an email from a client that said to move $50 million from that client. It never came from the client. Fortunately, part of our procedure was to confirm with clients orally.

Lonnie Cibants and Lynne Korman
Lonnie Cibants and Lynne Korman
Jane Iversen and Jorge Iglesas
Jane Iversen and Jorge Iglesas
Alan Porten, Steve Parkinson and Joe Farkas
Alan Porten, Steve Parkinson and Joe Farkas
Rene Hagen, Kiana Wise and Hans VanHernaaden
Rene Hagen, Kiana Wise and Hans VanHernaaden
Sal Orofino and Guillermo Aragon
Sal Orofino and Guillermo Aragon

Porten: I think one of the things I’ve seen most consistently is people become the root cause of most of the cybersecurity issues going on. Ninety-plus percent of the breaches that occur start principally with a phishing email. Companies should be identifying information flowing across networks, monitoring technology and areas of policy procedure.

Kellogg: What’s keeping me up at night is the unknown feature. You need to start with getting a full understanding of what you have, how you run your business and getting some policies in place. From there, understand what’s at risk.

Renz: If we don’t go back to that cyber audit and assessment and act on it, we have a smoking gun where are we going to be held responsible. There has to be a crisp message at the end of the day.

Can security requirements be a “set it once and forget it” policy?

Kellogg: No. At some point your business, processes and technology change. There is no set and forget.

Porten: When I started in cybersecurity 15 years ago, the vision of hackers was a pimply teenager. Today, cybersecurity is 100-percent organized crime. It’s profit-oriented.

Technology is changing on a day-by-day basis. Security issues evolve along with the technology. Security has to become part of the culture of each and every one of your organizations. Every employee is equally responsible for maintaining security.

Orofino: Technology is changing radically and markets are changing radically. It’s a difficult place for us every day.

What percentage of these cyber crimes get resolved? Are people being caught and prosecuted?

Porten: Cyber criminals win every time that they cause a reaction. Every time they steal the money, it vaporizes immediately. There are prosecutions, but much of the cyber crime activity takes place off U.S. soil. The ability to prosecute across international boundaries is difficult.

Orofino: There are thresholds where the FBI and state authorities get involved and cyber thieves realize that and make that part of their strategy. The question is: Do customers indict the business that was broken into?

Renz: I was a victim of identify theft five years ago. It wasn’t a lot of money, but the amount of time to deal with it was a lot. The Palm Beach County Sheriff’s office says 10 percent of people get caught.

What happens if I, as a business, refuse to get in line?

Orofino: Chapter 7, Chapter 11 and Chapter 13 bankruptcy court filings. Those are about as clear as I can make it. They may be company prosecutions, and there could be criminal liability.

What’s the intersection between good business and regulatory requirements?

Orofino: Take security and make it a business advantage. Customers should understand your efforts are to protect them. Are you really getting in front of the issue and is that reflected by how your customers are trusting you?

Porten: Regulations in the alternative financial field are relatively new. Security is not new, but the requirements of compliance are new. There is a complex set of controls government is trying to forcefeed that’s been in place in health care, banking and utilities for a long time. It’s just catching up with the alternative investment world.

Are data breaches one of the drivers for regulations?

Orofino: Financial security is an important part of economic security. The government is looking for ways to shore up that risk.

Porten: I think the ultimate goal is to prevent panic. We have seen tens of millions of identities captured through a wide variety of retail breaches. The financial industry has kept much of it quiet. I think part of the regulation is to ensure that nominal levels of control are in place to prevent any domino effects of breaches of financial systems.

Kellogg: It’s more about giving investors and customers a choice if they feel their identity has been stolen. They can feel the government is doing something about it.

Where do you see cybersecurity advancing in the next decade?

Porten: If any of us had an answer, we wouldn’t be sitting here!

Orofino: Look at the space of what Amazon is doing—taking over unrelated businesses that aren’t tech businesses, but then creating tech business that are related and influencing legislation.

Porten: When I was at Citibank, we spent $250 million on cybersecurity. They had 1,000 cybersecurity experts, but it wasn’t enough. Their plan for this year was to double that and double the staff.

Bad guys are going to be outsmarting and outthinking a lot of the defensive postures, because that’s how they are putting food on the table.

Kellogg: You don’t want to be getting your start five years from now. You better know what’s going on in five years, if you want to be around in 10.

How do you manage risk with third-party vendors?

Renz: You are probably safer with a cloud-based system or Amazon. The landscape is dominated by these tremendous corporations that have a lot of money to spend.

The size of cybertheft was more than $250 billion a year ago and continues to grow. Have a plan and use some of the largest players in market. Utilize guys like these to get protocols and procedures in place.

Porten: The most important thing is you have to talk about it. Part of what governance is about is being required to at least analyze the risk and make business decisions based on risk and cost. Nobody can hold a board of directors responsible if the risk has been analyzed and assumed. It’s not having everything addressed is where the problems begin. Stimulate conversation and make sure to ask right questions.

About the Sponsors

eSentire

With managed detection and response services, eSentire keeps midsize organizations safe from constantly evolving cyberattacks that traditional security defenses simply can’t detect.

ESentire combines people, processes and technology to detect, remediate and communicate sophisticated cyberthreats in real time. Protecting more than $3.2 trillion in assets under management, eSentire has received multiple accolades, including Hedge Fund Manager Service Provider awards (2013, 2014, 2015, 2016).

In 2015, eSentire was named to Deloitte’s Technology Fast 50 and Fast 500 and was included in “Cool Vendors in Cloud Security Services,” a report by the research company Gartner Inc.

For information, visit esentire.com.

OLG

Orofino Law Group is dedicated to helping businesses match or exceed the pace of an ever-increasing regulatory environment. Its practice connects business leaders with solutions for the integrated legal areas of cybersecurity, data privacy, advertising and marketing and labor law.

OLG is a first-mover on ambassador and influencer marketing for enthusiast products and service companies. Past engagements include providing in-house counsel to youth marketing icon RVCA, as well as Connexions Sports and Entertainment, an Omnicomm company.

Representative clients include ReadyPulse, Experticity, Racer X, RVCA, Equisolve and  BTOSports.com.

For information, visit orofinogroup.com

You May Also Like
Levan Center of Innovation Forms Strategic Partnership With Fort Lauderdale United FC

The Alan B Levan | NSU Broward Center of Innovation (Levan Center of Innovation) established a new strategic partnership with Fort Lauderdale United FC, a leading Division 1 women’s soccer team participating in the USL Super League. Fort Lauderdale

Read More
Levan Center of Innovation
Levan Center of Innovation Celebrates Second Anniversary

The 54,000-square-foot facility offers incubator and accelerator programs for businesses.

Read More
How to Create Your Own Hologram

The Levan Center of Innovation offers a capture studio to create content for cutting-edge displays.

Read More
Miami Virtual Reality Studio Launches Game on Meta Quest

AEXLAB is a pioneer in developing cutting-edge software utilizing virtual reality technology to create an unparalleled combat game.

Read More
Other Posts
Boca Raton Innovation Campus Reveals Six New Leasing Agreements

Four new tenants will join the technology center.

Read More
Cinch I.T. Sets Sights on Fort Lauderdale for Business Expansion

Cinch I.T., a rapidly growing I.T. service provider in the U.S., is planning to expand its support network in various new markets across the country, including Fort Lauderdale. As the

Read More
Cinch I.T.
Levan Center Hosts Successful South Florida Innovation Day

The facility is focused on three themes: innovation, technology, and entrepreneurship.

Read More

Drew Limsky

Drew Limsky

Editor-in-Chief

BIOGRAPHY

Drew Limsky joined Lifestyle Media Group in August 2020 as Editor-in-Chief of South Florida Business & Wealth. His first issue of SFBW, October 2020, heralded a reimagined structure, with new content categories and a slew of fresh visual themes. “As sort of a cross between Forbes and Robb Report, with a dash of GQ and Vogue,” Limsky says, “SFBW reflects South Florida’s increasingly sophisticated and dynamic business and cultural landscape.”

Limsky, an avid traveler, swimmer and film buff who holds a law degree and Ph.D. from New York University, likes to say, “I’m a doctor, but I can’t operate—except on your brand.” He wrote his dissertation on the nonfiction work of Joan Didion. Prior to that, Limsky received his B.A. in English, summa cum laude, from Emory University and earned his M.A. in literature at American University in connection with a Masters Scholar Award fellowship.

Limsky came to SFBW at the apex of a storied career in journalism and publishing that includes six previous lead editorial roles, including for some of the world’s best-known brands. He served as global editor-in-chief of Lexus magazine, founding editor-in-chief of custom lifestyle magazines for Cadillac and Holland America Line, and was the founding editor-in-chief of Modern Luxury Interiors South Florida. He also was the executive editor for B2B magazines for Acura and Honda Financial Services, and he served as travel editor for Conde Nast. Magazines under Limsky’s editorship have garnered more than 75 industry awards.

He has also written for many of the country’s top newspapers and magazines, including The New York Times, Washington Post, Los Angeles Times, Miami Herald, Boston Globe, USA Today, Worth, Robb Report, Afar, Time Out New York, National Geographic Traveler, Men’s Journal, Ritz-Carlton, Elite Traveler, Florida Design, Metropolis and Architectural Digest Mexico. His other clients have included Four Seasons, Acqualina Resort & Residences, Yahoo!, American Airlines, Wynn, Douglas Elliman and Corcoran. As an adjunct assistant professor, Limsky has taught journalism, film and creative writing at the City University of New York, Pace University, American University and other colleges.