On February 4 and 11, 2021, Robin L. Barton of the Hedge Fund Law Report published a two-part article on the risks of business email compromise scams:

Eleven Lessons From Cyber Hack That Forced an Australian Hedge Fund to Close.

The article features a lengthy interview with Avi Gesser, a partner in the Debevoise Data Strategy and Security Practice, during which Avi discusses the following 11 lessons from a recent cybersecurity attack on a hedge fund:

1. Private Funds Are Attractive Targets
2. Business Email Compromise Is a Successful Strategy
3. Cyber Criminals Are Smart – and Learning
4. Remote Work Has Heightened Cybersecurity Risks
5. Relying on Spotting Red Flags Is Not the Best Approach
6. Robust Policies and Procedures Are Effective – and Give Employees Cover
7. Anything New Should Be Scrutinized
8. Culture Can Undermine Strong Policies and Procedures
9. Incidents Should Be Used in Cybersecurity Program Reviews
10. Third-Party Cybersecurity Matters, Too
11. Investors and Regulators Care About Cybersecurity

A full copy of the article is available here.