Quick Links
Our Vision & Mission
Our Executive Team
Our Partners
Clients We Serve
Past NewsLetters


"TurtleBay Advisory Services advisors have an incredible understanding of how operations and technology can support and enhance business transformations efforts. The team is skilled at both strategy and implementation."

Industry Perspectives

Business Risk Intelligence for the Asset Manager

In 2016, the Security and Exchange Commission's EDGAR database was hacked. While the extent of the breach has not been made public, the database, which contains information on corporate regulatory filings, could potentially give hackers nonpublic information that could be used for trading.

 The securities industry regulator's own brush with cyber threats illustrate the risks that asset managers face in protecting their investments. The information financial institutions hold can be highly valuable to sophisticated criminals who know what to do with it.

 "We must be vigilant and we must be better. We are under constant attack from nefarious actors," SEC Chairman Jay Clayton said about the agency’s hack during testimony before the Senate Committee on Banking, Housing and Urban Affairs in September.

 For asset managers, fighting cybercrime increasingly means going farther than protecting the institution from the most common malware, phishing and denial-of-service attacks. Firms must begin to understand the Deep & Dark Web (DDW) communities in which their data could be shared, sold or exchanged.

 Business Risk Intelligence (BRI) firm Flashpoint has distinguished itself by developing unique expertise in the DDW, and using tradecraft and knowledge of underground communities to help firms guide their decisions related to threats and adversaries.

 BRI broadens the scope of cyber intelligence beyond threat detection to provide relevant context to business units not traditionally afforded the benefits of intelligence derived from the Deep & Dark Web. By informing decision-making and improving preparation, BRI mitigates risk across the enterprise resulting in better decisions that protect a company’s ability to operate.

 For asset managers concerned with protecting investments around the world, Flashpoint can monitor and detect potential threats globally. Using the Flashpoint API, asset managers can enhance their own internal data on cyber threats with normalized data on DDW threat actor communities. Adding this source of near real-time cyber risk data enables users to make better risk decisions related to cybercrime, fraud, and physical and cyber threats.

 DDW sources can be used to track threats that exist not only within a firm's technology infrastructure but throughout its supply chain ecosystem. Flashpoint monitors illicit forums and marketplace, to track threats to suppliers and counterparties that could put a firm at risk. Using similar monitoring techniques, coupled with a familiarity with insider fraud tactics, Flashpoint also tracks threats posed by malicious insiders. The company's experience engaging with actors on the DDW is also used to assess physical security, including monitoring physical threats from cybercriminals to facilities or to executives at industry conferences or public events.  

 Using BRI, Flashpoint assists asset managers facing complex security problems by helping them develop security and business risk-based strategies