In part two of our webinar series, Cloud Perspectives: How to Impress Investors, Security Pros & CXOs, Steve Schoener and Lisa Smith of Eze Castle Integration shared their expertise with regards to security infrastructure, policies and procedures in the cloud.
Threat Landscape for Hedge Funds
With security breaches and incidents reaching sophisticated levels, Schoener first addressed the evolution of the cybersecurity landscape for investment firms. In the past, hackers were often kids with too much time on their hands looking to create chaos for a period of time. Today, it has evolved into a business for educated hackers, conducting thorough research and drawing readily accessible information from the Internet to target individual firms as a way of making money.
It’s a question that many folks in the financial services industry have been asking for a few years now. Are potential investors comfortable with the idea of hedge funds leveraging cloud services? In Part 1 of our cloud webinar series, The Investor Perspective on Cloud and Security, we asked Ashley Gimbel, Senior Vice President at Dyal Capital Partners, to share her thoughts on evaluating the operational and infrastructure decisions of hedge funds and alternative investment firms and if investors are truly comfortable with the cloud. Click here or scroll down to watch the full replay of our conversation with Gimbel.
The simple answer is ‘yes.’ According to Gimbel, investors are and should be at ease with hedge fund clients using cloud infrastructures to support their daily operations. In fact, she says, hosted infrastructures often make more sense for firms with little to no IT resources in-house.
With a few caveats, of course. Firms should ensure outsourced cloud providers have proper Service Level Agreements (SLA) in place and are conducting appropriate oversight of their provider(s). A few other technology must-haves:
Well integrated data and systems
Established policies and procedures
Comprehensive disaster recovery
As the frequency of cyber-attacks increases, so too do the maturity of attacks and their methods of prevention and remediation. Think of cybersecurity as a two-way street. One side is trying to deceive and breach, and the other is trying to protect, prevent and detect. The commonality is both are progressing towards automaticity.
Cybercrime: The Evolving Chameleon
A common misconception about cyber-attacks is that they only take the form of fake virus alerts, spam, outlandish emails and the like. On the contrary, a threat can take many forms, and cyber criminals are getting smarter. Today, hacktivists target the automaticity of our behaviors, responses and daily routines. This applies to both the human and business side of things. Cyber criminals now study and familiarize themselves with the daily activities and internal processes of firms to identify gaps and find a way in. The idiosyncrasy is in the simplicity with which cyber schemes are pulled off.
We recently hit our 500th post here on Hedge IT! To commemorate, we are hosting our annual blog awards! We've gathered the most thought-provoking, popular articles according to our readers and included a few of our personal favorites, as well.We hope you enjoy!
In this Opalesque.TV video interview, Bob Guilbert and Vinod Paul from Eze Castle Integration discuss the cybersecurity landscape of the investment community, specifically the risks facing hedge funds and alternative investment managers in 2015. Both spend the majority of their time educating their client base on internal and external risks, protecting them against the “Activist Hacktivists” looking for any means of entry into funds.
These hackers will spend weeks, months, and sometimes even years trying to get access, most often with the goal of triggering illicit wire transfers out of the fund.
Today, the usual efforts of employees to avoid clicking links or opening files and password protocoling aren't enough. Everyone should be aware of new techniques employed by hackers like “spearfishing” and “whaterhole” attacks which, with more institutional dollars flowing into hedge funds, will become more frequent. Unless funds have the right Written Information Security Policy (WISP) and processes in place, together with true intrusion detection that monitors what is coming into the firm and what data and information is going out of the firm, they can be at risk of a cybersecurity attack.
If you live in the Northeast United States – anywhere from DC to Maine – you’re likely living through the Blizzard of 2015 right now. Snow and heavy winds are pounding the East Coast, with snow totals expected to exceed 2 to even 3 feet in many areas and wind gusts to reach hurricane strength.
During weather events such as this, it’s critical that firms take precautions to ensure that not only do their technologies work and their businesses remain operational, but that their employees are safe, connected and receiving constant communications. We’ve experienced many events such as this in recent years – Hurricane Sandy is probably the most memorable – but the Blizzard of 2015 is an important reminder to firms about employing comprehensive business continuity plans and disaster recovery systems.
Here are a few reminders to get your firm through this latest weather event:
Communicating effectively with your employees is especially critical before, during and after disasters and other weather events. Be sure to keep your employees in the loop on what’s happening and what’s expected of them. Should they work remotely in the event they can’t get to the office? Are non-essential personnel expected to use paid time off? When can they expect updated communications regarding next steps?
If your firm employs a comprehensive BCP, you’ve likely already shared regional Quick Reference Cards so your staff is aware of evacuation locations, remote access policies and instructions and other communication essentials.
It’s officially 2015! With the New Year upon us it is important to set new goals for the future. In today’s post, we offer five resolutions hedge funds should consider to help pave the pathway for another prosperous year.
Resolution #1: Prepare for Cybersecurity
In 2014, hedge funds were revamping their IT policies and upgrading their methods of preventing, detecting and responding to cyber threats. However, this push to overhaul and enhance security was largely reactive to the several breaches we witnessed in 2014. Among those companies affected were Sony, Target, JP Morgan Chase and Home Depot. In 2015, we predict cybersecurity will remain at the forefront of headlines. That being said, hedge funds should prepare ahead of time and have detailed information security policies in place.
Resolution #2: Avoiding Common Cloud Mistakes
When it comes to hedge fund operations and technology, there is no margin for error. Common mistakes range from not sizing bandwidth adequately to business needs to not planning proactively for applications and assuming deep security safeguards are in place. Hedge funds that take the proper precautions and do their research when cloud shopping save themselves from preventable stress and inflated issues down the road.
If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts a few months ago that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.
When it comes to the cost of a successful data breach, the ensuing ramifications are not limited to monetary loss. A firm’s confidential information, customer trust and overall operations are all at risk of being compromised. To protect their data and systems from cyber-attacks and breaches, it is critical that firms become as secure as possible.
Raising the Bar
Over the past year, we have witnessed more firms strengthening their security measures in an effort to comply with industry regulations as well as the SEC cybersecurity expectations. Additionally, we’ve seen an increase in frequency and sophistication of both data theft and cybercrime. A study by Risk Based Security revealed that within the first nine months of 2014 there were 1,922 data breaches reported and 904 million records exposed. Four of those incidents have made the Top Ten All time Breach List and three hacking incidents combined were accountable for nearly sixty percent of exposed records. Today, most hedge funds are aware of the severe negative effects a security breach can cause; however, gaining this knowledge may have been a tough lesson to learn.
As hedge funds and investment management firms shore up security practices in an effort to comply with the SEC cybersecurity expectations and other industry and investor standards, it can become overwhelming to sort out what's required and how firms should go about achieving compliance. It can also be easy to make mistakes. We asked Eze Castle's Business Continuity and Data Privacy Manager, Lisa Smith, to tell us about some of the common information security mistakes she witnesses firms make and how to avoid them in the future. Here are some of the key questions Lisa answers:
Where are you seeing the most deficiencies in cybersecurity preparedness?
What goes into an effective Written Information Security Plan?
What common mistakes do you find firms are making when it comes to information security safeguards?
Take a look at Lisa's answers!