Investment Firm Achieves Security Compliance While Exceeding Client Expectations

Investing in Security

Clients rely on investment management firms to grow their assets. The last thing they expect is a loss due to negligent cybersecurity practices. Regardless of how well a firm anticipates financial markets, a cybersecurity attack could bring their portfolio crashing down. For this reason, the SEC and FINRA are focused on driving cybersecurity best practices in the financial industry. 

If anyone feels the pressures of cybersecurity, it's Chief Information Officer, Jeff Liles of Harbert Management Corporation (HMC). HMC is an investment management firm founded in 1993, with approximately $6.4 billion in Regulatory Assets Under Management as of June 30, 2019. Cybersecurity is a compliance requirement for HMC, but they want it to be a differentiator for them as well. 

“Investors are very interested in learning what the firm is doing to combat cyber-attacks.”

– Jeff Liles, CIO 

HMC’s prospects must consider how the firm will protect their investments from cybersecurity attacks. With over 230 employees spanning five (5) countries and an IT team of four (4), HMC remains vigilant to ensure security and privacy for its clients. “We needed to enhance our cybersecurity portfolio and find a partner that would work side-by-side to protect HMC from cyber-criminals,” shared Liles. 

Upon identifying the need for security assistance, HMC set out to find a trusted partner that would provide a layered approach to its security program. In 2017, HMC partnered with HBS to develop a program that delivers insight into attacks and defends against breaches. 

Security Solutions

The partnership began with an Information Security Risk Assessment, which provided a deep understanding of HMC's security posture, including an evaluation of administrative, physical, and technical controls. Through policy review, facility walk-throughs, and in-depth interviews with stakeholders, HBS provided HMC a summary of high and moderate risks along with recommendations for remediation. 

To complement the risk assessment and improve HMC’s visibility into its technology environment, a penetration test was performed by HBS. The objective of the penetration test was to identify and exploit weaknesses in HMC’s technology infrastructure. The information gained from the test provided HMC the knowledge needed to make improvements to its infrastructure to secure it for the future. 

The third layer to HMC's security program was the deployment of security information and event management (SIEM) through HBS’s Security Operations Center (SOC). “SIEM provides fantastic insight into activities on our network,” expressed Liles. Managed SIEM is designed to deliver continuous data analysis, threat intelligence, and security incident reporting, which enables HMC to understand what is happening on their network in real-time.