Last month, former Secretary of Homeland Security Michael Chertoff said the most significant threat we face as a nation is cybersecurity. That’s a pretty jarring statement given the threats our country faces in terms of terrorism and war, for instance. But the reality is, cyber networks have become the gateway for risks both on the global terrorism front as well as within our internal circles at our places of business.
With watchful eyes geared towards security threats, interest in cybersecurity insurance continues to rise. The Department of Homeland Security and the Department of Commerce have identified cybersecurity insurance as a viable opportunity to thwart the effects of security breaches and attacks by:
- Promoting widespread adoption of preventative measures;
- Encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection; and
- Limiting the losses that companies face following a cyber-attack.
First and foremost, Happy Halloween!
In honor of Halloween, I’m going to share a trick and a treat about the world of social media and investment firms.
First the trick.
Did you hear the story about how shares of bankrupt Tweeter soared when Twitter announced its IPO? If not, here goes. According to WallStreetInsanity, on October 4, 2013, “shares in bankrupt TWTR Inc. (OTC: TWTRQ) were up over 1500 percent as the company’s stock soared from $0.0 to $0.15 on extremely heavy volume. Seems some people thought the consumer electronics retailer was Twitter.”
This story demonstrates that traders are monitoring social media outlets for investment ideas even if they are not personally participating. It also shows that many of those folks buying TWTRQ didn’t quite understand how an IPO works or what Twitter will be valued at (certainly not pennies), but we’ll ignore that fact for the sake of this article.
Are you one of the millions of people pondering the answer to ‘what is hypervisor-based replication and how will it change my disaster recovery approach’? I know I was.
So, let me help you with that!
Our technology experts here at Eze Castle Integration spent some time in the lab testing and evaluating hypervisor-based replication and recently incorporated it into our Eze Disaster Recovery 2.0 offering. We think it delivers excellent benefits, but let’s start with the basics.
What is hypervisor-based replication?
TechTarget defines hypervisor-based replication as “a technology that automatically creates and maintains replicas of virtual hard disks or entire virtual machines (depending on the platform that is being used).” Analyst firm IDC goes on to say that this replication approach “protects virtual machines (VMs) at the virtual machine disk format file level rather than at the LUN or storage volume level, thus replication can be done without the management and TCO challenges associated with array-based replication.”
It has been said that cyber security is becoming what disaster recovery was 20 years ago -- the threat is real and increasing at a notable rate, and precautions must be taken. As a result, studies abound about the potential impact of security threats on a company.
Just last week, CSO Custom Solutions Group and Oracle raised the question of whether companies are protecting the right assets. Based on a survey of 110 companies, including financial services firms, CSO and Oracle found that most IT security resources in today's enterprises are allocated to protecting network assets, even though the majority of enterprises believe a database security breach would be the greatest risk to their business.
Following are specific survey findings pulled from the report that aim to make the case that firms should focus more on protecting core systems (i.e. apps, databases) versus the network layer:
You may have heard of it – the newest social media app that’s sweeping the 18-25 year old demographic – Snapchat. But what is it, and how could the technology behind it affect the business world?
Snapchat is a photo messaging application in which users can take photos or record short videos on their smartphones, then add text or drawing and send them to select contacts. When sending the content, users have the ability to set a time limit for how long the recipients can view it (up to 10 seconds), after which the photo or video will disappear from the recipient's device.
Here’s a recent Snapchat ad that depicts how the app is used:
The Bring Your Own Device (BYOD) trend is certainly nothing new (we’ve been talking about it here on Hedge IT for months). So, now that this movement has hit the financial services sector, and is clearly here to stay, the next critical step is to develop a thorough BYOD policy to help manage this transition at your firm.
Some items to keep in mind when developing your firm’s policy include:
- Company-owned mobile devices should be issued to – and personal devices approved for – only those employees who require immediate and frequent contact with co-workers, clients or partners regardless of whether they are physically located at their desks.
- Devices should only be approved in situations where the productivity gains outweigh the costs incurred by the organization to support and manage the device.
As you set out to establish your firm’s BYOD and mobile device management strategies, be sure to consider each of the following areas in order to ensure your policies are comprehensive and the firm is protected from potential security incidents.
In case you missed it, this week the Pentagon released its Annual Report to Congress looking at the military and security developments involving China. According to the New York Times, the report is virtually the first time “the Obama administration has explicitly accused China’s military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map ‘military capabilities that could be exploited during a crisis.’”
The report states that cyberwarfare capabilities could serve Chinese military operations in three key areas.
- First and foremost, they allow data collection for intelligence and computer network attack purposes.
- Second, they can be employed to constrain an adversary’s actions or slow response time by targeting network-based logistics, communications, and commercial activities.
- Third, they can serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict.
As you’re probably aware, the topic of cybersecurity has been splashed prominently across headlines lately. Earlier today, the US director of national intelligence, James Clapper, identified cybersecurity as the top global threat – even more treacherous than terrorism.
In his testimony before the Senate Intelligence Committee, Clapper cited several attacks on banking websites where sensitive customer data was compromised, as well as a security breach at an oil company that resulted in the destruction of 30,000 computers. If hackers are capable of such large-scale, damaging attacks, could investment management firms be at risk? What should you be doing to better protect your firm’s critical systems and data?
The truth is both large, well-established hedge funds and smaller startups are equally at risk of intrusion. Hackers may target large firms because they see an opportunity to profit from their substantial asset pools. Additionally, they might be after the notoriety associated with successfully hacking a well-known fund’s critical systems, especially in cases that will likely garner media attention. For smaller funds, hackers are likely after intellectual property, namely business plans, market forecasts and investment strategies.
Happy New Year everyone!
2013 is off and running, and the time has come to look ahead and set goals for your investment firm to ensure a successful and prosperous year. Many of the resolutions we recommended last year still hold true, including testing your disaster recovery system, reviewing and evaluating all telecom contracts, ensuring your business continuity plan is SEC-compliant and performing a comprehensive IT systems audit.
This year, it’s time to take those resolutions to the next level. We asked some of our internal experts here at Eze Castle to share some important resolutions hedge funds could consider making for 2013. Here’s what they had to say:
Last month our friends at eSentire published a Cloud Security Checklist to provide hedge funds and alternative investment firms a guide when evaluating a cloud provider such as Eze Castle Integration. The Checklist asked the question, “How can you know if your Cloud Service Provider has your best risk management interests in mind?”
Since here at Eze Castle Integration we are big proponents of secure cloud computing, we thought we’d be the first cloud service provider (that we know of!) to complete eSentire’s checklist.
1.0 Physical Security: Does the cloud provider have a rigorous physical access protocol?
Yes, yes and yes. Eze Castle has detailed Access Control and Premise Access policies that extend from physical to virtual environments. Following are some of the key physical access control protocols we have in place:
- 24x7x365 manned lobby with visual verification of identity
- Two-phase authentication of visitors (card and biometric)
- Secured access at all entry points, including doors and elevator banks
- Monitored security cameras as well as door, motion and camera sensors
- Visitor logs closely monitored and escorts required at all times
- Key-locked cages and cabinets at all data center facilities