Private Equity Security Solutions
Private Equity companies are under increasing pressure to mitigate the business risks associated with the exponential growth in cybercrime. They also face the burden of complying with the strict data security and privacy requirements of global regulations, which include the GDPR and CCPA.
Our Private Equity Client, with over 30 companies in its portfolio, had just suffered a ransomware attack at one of its Retail investments.
The Private Equity Client realized that many of their assets were new start-up companies with minimal security infrastructure and little security maturity. They also realized most of the companies were doing business internationally and would now be required to comply with GDPR and CCPA privacy standards. Finally, when they reviewed security technology across the portfolio, they found little consistency in what each company had implemented.
It was obvious the current model would be difficult to manage, security spend was too high, and as they acquired new companies it would be extremely complex to integrate them. It was apparent they needed to improve their portfolio's security posture immediately in order to protect their assets, lower cost, minimize risk and improve security hygiene.
Bridge Security Advisors recommended a lightweight, low-cost ISO 27001 Assessment in order to get a consolidated view of risks and controls spanning the entire portfolio's IT, OT, ICS and connected devices. This current-state assessment of controls allowed us to assess their maturity level and risks across a wide array of different portfolio companies.
We also performed an Application Vulnerability Assessment, including pen testing, in which we identified any critical or high vulnerabilities and provided immediate remediation advice.
In addition, Bridge included a Fractional CISO for the Private Equity company to leverage on-demand expert security leadership to advance a cost-effective security program and establish clear communication with management, the board of directors, investors and government/regulators.
Bridge provided a consolidated report of Execution and Findings detailing our results as well as our recommendations for remediation and improvement. The final report included:
- Executive Summary
- Statement of Applicability (SOA) Document
- Current State
- ISO 27001 Implementation Plan (Current State and Recommended State)
- Documented or updated mandatory documents and records
- Penetration Test Findings Report
- Scanning Logs and Findings Report
At the conclusion of the engagement, Bridge delivered a 3-year roadmap to help with budgeting and provide justification for investment. The client now has a business-justified Plan of Action and Milestones (PoAM).
Our client and Bridge Security Advisors are implementing consistent security policy, procedures and technologies across the portfolio.
The Private Equity company and its Board now have a Security Program that covers the entire portfolio and includes a robust security due diligence process when acquiring new companies.
The client has a full understanding of the privacy requirements and remediation activities needed for the portfolio to be GDPR and CCPA compliant.
The Private Equity company is now engaging with Managed SOC / Managed Detection and Response companies to prevent further attacks and reduce the risk of another ransomware incident.
Bridge Security Advisors is now the Trusted Security Advisor and acts as the Private Equity client's Virtual CISO.