Last week, we hosted a webinar with eSentire on best practices for managing security risks. eSentire is the leading managed security service vendor protecting 25% of the global hedge fund market by AuM. During the webinar, the company's director of marketing, Mark Sangster, and our own vice president of client technology, Steve Schoener, explored topics including the scope of cyber threats, the anatomy of a cyber attack, continuous security monitoring and security policies and procedures for hedge funds to consider. Read on for a full recap of the information covered during the event.
The Current Scope of Cyber Threats
In his March 12th address to Congress, Director of National Intelligence James R. Clapper identified cyber attacks as the most immediate threat to global security. Clapper’s remarks emphasize the importance of taking measures to prevent cyber attacks today. These intrusions can originate from a variety of sources, including:
- criminal organizations
- nation states
- “hacktivist” groups such as Anonymous
It is widely believed that government support is making hacker groups more powerful than ever. Currently, one of the largest threats to cyber-security originates from a China-based group known as Unit 61389 of the People’s Liberation Army. According to a report produced by Mandiant, an information security company, the group comprises up to a thousand members and has been responsible for stealing hundreds of terabytes of data from 141 companies in 20 industries. Groups similar to Unit 61389 have cropped up in other countries as well.
According to the 2012 Verizon Data Breach Investigations Report, an international study of cyber-security violations:
- 70% of cyber attacks target large organizations (over 1,000 employees)
- 50% of intrusions take several months or even years to be recognized by the victim organization
- in 75% of cases, it takes attackers several days to steal data from larger companies
So, what should you be aware of to help protect your firm from an intrusion? There are a variety of sources from which cyber attacks can originate, including:
Phishing scams: In these scenarios, a member of the organization receives a socially engineered email attempting to steal information. Upon opening the email, the employee allows the malware to infiltrate the network.
USB media devices: This is a very common attack vector, and one that attackers have refined over the years. In this case, an infected USB drive is dropped or left unattended in a public space, intended to be picked up by a well-meaning employee who will plug it into his or her computer to see who the device belongs to. Once plugged in, the device introduces malware into the network.
Universal Plug & Play (UPnP): UPnP allows computers and other network-enabled devices to efficiently communicate with one another. Recently, however, these devices have come under harsh criticism due to a variety of security weaknesses such as programming flaws and a lack of required authentication, making the devices easy targets for viral attacks.
Malware via Drive-by Download: Drive-by downloads occur when a person downloads an infection, either knowingly or without understanding the consequences. The infection typically takes the form of a computer virus, spyware, malware or crimeware.
The Future of Cyber Security
Increasingly, the security threats facing the investment management industry are low volume, high value (i.e., targeted) in nature. In these cases, the attacker possesses a great deal of knowledge regarding the value of the victimized company’s assets, and wants to steal this information for his or her own benefit. These attackers will employ intricate plots to gain access to the information. The problem with typical security protection programs such as anti-virus software and firewalls is that they are not preventative, and can only identify threats that have already occurred. The industry has been shifting from the use of managed security service providers (MSSP) to continuous monitoring as a service (CMaaS). The primary components of CMaaS are:
Sensor on the Network: Network sensors gather data.
Risk-Status Displays: Data is gathered from the sensors and used to develop reports.
Security Consulting: Security experts analyze the reports so that they can develop appropriate security measures.
Real-time Detection and Mitigation: Security firms such as eSentire have added this step due to the belief that security concerns need to be resolved immediately rather than after they have occurred.
Tips to Protect Your Firm Against Malware and Hacking
eSentire has developed a list of steps hedge funds should follow to protect themselves against security threats. The steps are based on the concept of the cyber kill chain, which holds that the earlier a threat is recognized, the better.
Perform a vulnerability assessment. It is essential that companies verify firewall configuration and anti-virus patching, network device security and evidence of criminal activity. You'll want to know where vulnerabilities exist before implementing additional security measures.
Establish privileged access to core data. Companies should grant access only to employees who need it and place private data on password-protected servers.
Develop an Acceptable Usage Policy. Firms should ensure that their Acceptable Usage Policy provides guidelines for software downloads, personal mobile devices, cloud-based email and storage services as well as the access and distribution of privileged data.
Engage real-time intrusion detection/mitigation solutions. Be sure to track and observe all network actions to be aware of breaches, attacks or the access of sensitive information.
Establish legal safeguards. Companies should ensure that they utilize confidentiality, non-disclosure, non-competition and non-solicitation arrangements to protect intellectual property.
Know who you're hiring. Employers should screen employees pre-hire and conduct trainings to make all employees aware of appropriate and inappropriate conduct, contractual arrangements and firm policies and procedures.
Monitor and log network activity. Restrict electronic transfers, enforce password protection, encrypt computer systems, limit accessibility to core assets, and observe and track all network and email actions.
Policies & Procedures
Here at Eze Castle, we recommend that all hedge funds employ multiple layers of security to reduce the amount of undesired traffic on the network, and thereby reduce the opportunities for a security breach. This is often called the Principle of Defense in Depth. Examples of defense layers include having Windows hosts protected by anti-virus software with up-to-date virus definitions and all Internet- and DMZ-facing hosts protected by OSSEC host-based intrusion detection.
In addition to these layers, we also recommend that investment firms employ the following policies and procedures to ensure their critical systems and data do not fall into the wrong hands.
- Principle of Least Privilege: This involves restricting access to only those employees who need it. Keep access control lists on all applications and data and inbound/outbound internet access to keep track of who can gain access to what. Also, log the use of audited one-time passwords and minimum privilege shared accounts.
- Secure User Authentication Protocols: Secure user authentication protocols include:
  - Assigning unique domain user IDs to each employee
  - Implementing strong domain password policies
  - Monitoring data security passwords and ensuring that they are kept in a secure location
  - Limiting access to only active users and active user accounts
- Information Management Security Policy: Develop a plan that details how the firm will handle a security incident. The plan should outline who is in charge of managing a security incident, the required reporting and investigation procedures, communications policies for contacting clients and the post-incident remediation procedures.
- Visitor/Contractor Premise Access Policy: It is essential that firms keep track of all people who have visited the site through the use of physical security checkpoints and surveillance.
- Mobile Device Policy: Develop guidelines for use of personal mobile devices in the workplace, and train staff on mobile device security. Firms should employ security measures such as requiring passwords, having the ability to remotely wipe devices and employing encryption tools.
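The Principle of Least Privilege and Secure User Authentication Protocols items above are only effective if someone periodically checks the directory against them. The following is an added example, not code from eSentire or Eze Castle, of how such a check can be automated: it takes an export of domain accounts (a constructed sample here, one row per user ID and the person who uses it) and reports every account that breaks one of the stated controls: an ID shared by more than one person, a password older than the password policy allows, an enabled account that is no longer active, and any administrative account with either of those problems. The `Account` fields, the 90-day and 45-day thresholds and the rule names are assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Assumed policy thresholds for this example; a firm would substitute its own.
MAX_PASSWORD_AGE_DAYS = 90   # passwords older than this violate the password policy
INACTIVE_AFTER_DAYS = 45     # enabled accounts idle longer than this should be disabled


@dataclass
class Account:
    """One row of a (hypothetical) directory export."""
    user_id: str                  # domain user ID
    owner: str                    # the person accountable for that ID
    enabled: bool
    last_logon: Optional[date]    # None means the account has never logged on
    pwd_last_set: Optional[date]  # None means no recorded password change
    privileged: bool = False      # member of an administrative group


# Constructed sample export (not real data). Each row maps a user ID to the
# person who uses it, so a shared login shows up as one ID with two owners.
SAMPLE_TODAY = date(2013, 3, 15)
SAMPLE_ACCOUNTS: List[Account] = [
    Account("jdoe", "Jane Doe", True, date(2013, 3, 10), date(2013, 2, 20)),
    Account("trader01", "Alice Smith", True, date(2013, 3, 11), date(2013, 1, 5)),
    Account("trader01", "Bob Jones", True, date(2013, 3, 11), date(2013, 1, 5)),
    Account("mlee", "Mary Lee", True, date(2012, 11, 2), date(2012, 10, 30)),
    Account("svc_backup", "IT Operations", True, None, date(2011, 6, 1), privileged=True),
    Account("contractor7", "External Contractor", False, date(2012, 9, 1), date(2012, 8, 15)),
]

Finding = Tuple[str, str]  # (user_id, rule violated)


def audit_accounts(accounts: List[Account], today: date) -> List[Finding]:
    """Return every (user_id, rule) pair that violates the authentication controls.

    Rules, in the order they are reported:
      shared_id        - one user ID used by more than one person
      password_expired - enabled account whose password is older than policy (or never set)
      inactive         - enabled account idle longer than policy (or never logged on)
      privileged       - an administrative account with either of the two problems above
    """
    findings: List[Finding] = []

    # Rule 1: unique IDs. Group the owners of each ID and flag any ID with more than one.
    owners = defaultdict(set)
    for acct in accounts:
        owners[acct.user_id].add(acct.owner)
    for user_id in sorted(owners):
        if len(owners[user_id]) > 1:
            findings.append((user_id, "shared_id"))

    # Rules 2-4: evaluate each enabled ID once, in export order. Disabled accounts
    # are skipped because they already satisfy "active accounts only".
    checked = set()
    for acct in accounts:
        if acct.user_id in checked or not acct.enabled:
            continue
        checked.add(acct.user_id)

        stale_password = (acct.pwd_last_set is None
                          or (today - acct.pwd_last_set).days > MAX_PASSWORD_AGE_DAYS)
        idle = (acct.last_logon is None
                or (today - acct.last_logon).days > INACTIVE_AFTER_DAYS)

        if stale_password:
            findings.append((acct.user_id, "password_expired"))
        if idle:
            findings.append((acct.user_id, "inactive"))
        if acct.privileged and (stale_password or idle):
            findings.append((acct.user_id, "privileged"))

    return findings


def run_sample_audit() -> List[Finding]:
    """Run the audit over the constructed export with the fixed sample date."""
    return audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_TODAY)


if __name__ == "__main__":
    for user_id, rule in run_sample_audit():
        print(f"{user_id:<12} {rule}")
```

On the sample data the audit flags `trader01` as a shared login, `mlee` as a departed user whose account was never disabled, and `svc_backup` as an administrative service account with a years-old password, while the clean account (`jdoe`) and the already-disabled contractor produce nothing. In practice the export would come from the directory itself and the findings would feed the access review that the Principle of Least Privilege item calls for.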
Having a high level of security in place at your investment firm helps to restore faith in investors who are undoubtedly hearing about cyber attacks regularly in the media. Following industry best practices and implementing the appropriate tools and policies demonstrates that the firm has planned in advance instead of scrambling to handle a security breach after it has occurred. This also ensures that costly disasters are averted and normal business operations can be restored efficiently in the event of a security breach.