» Risk Management Blog

The term “cybersecurity” can oftentimes be ambiguous and difficult to define, no different than that of a single or multi-family office. But much like an Investment Policy Statement, identifying and defining risk down to the individual level is paramount in achieving both near-term and strategic objectives. In this blog post, we seek to shed light…

Since 2004, October has been recognized as Cybersecurity Awareness Month by organizations like the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), which are dedicated to helping individuals better protect themselves against online threats. This year CISA and NCA are focusing on the human element of security, with the 2022 Cybersecurity…

One of the unfortunate truths for trust and fraud teams is that they spend more time fighting within their organization to get access to the data they need than they do fighting bad actors. These teams often build collaborative relationships with cybersecurity teams to address issues like credential stuffing and bots, but a new generation…

Context Microsoft has shared mitigation measures, which are included below, to block attacks exploiting the flaw, designated CVE-2022-30190, while a patch is being developed. Microsoft‘s entry for CVE-2022-30190 indicates it affects MSDT on all versions of Windows and Windows Server and has detected exploitation in the wild. The remote code execution vulnerability exists when Microsoft Support Diagnostic Tool (MSDT) is called using the…

Security spend for eCommerce companies grows year on year, and according to data researched by BigCommerce, 77% of businesses bought new security tools in the last year, and 69% have added security headcount to their teams. However, is this security being targeted in the right direction? In particular – how much attention do you put…