In this Opalesque.TV video interview, Bob Guilbert and Vinod Paul from Eze Castle Integration discuss the cybersecurity landscape of the investment community, specifically the risks facing hedge funds and alternative investment managers in 2015. Both spend the majority of their time educating their client base on internal and external risks, protecting them against the “Activist Hacktivists” looking for any means of entry into funds.
These hackers will spend weeks, months, and sometimes even years trying to get access, most often with the goal of triggering illicit wire transfers out of the fund.
Today, the usual efforts of employees to avoid clicking links or opening files and password protocoling aren't enough. Everyone should be aware of new techniques employed by hackers like “spearfishing” and “whaterhole” attacks which, with more institutional dollars flowing into hedge funds, will become more frequent. Unless funds have the right Written Information Security Policy (WISP) and processes in place, together with true intrusion detection that monitors what is coming into the firm and what data and information is going out of the firm, they can be at risk of a cybersecurity attack.
With a new year comes new regulations for hedge funds and investment firms. Earlier this week, Eze Castle Integration hosted a webinar during which Ricardo Davidovich, partner at Haynes & Boone LLP shared his insight into the Securities and Exchange Commission’s (SEC) new examination priorities as well as reoccurring themes firms should expect to see play out through the year.
What’s New in 2015
One priority for examinations this year is the focus on retail investors. Davidovich says that “hedge funds, which in [the SEC’s] mind have historically been an exclusive and private club, are being sold to the retail and consumer client base.” Meaning they will be taking a closer look at the types of fees being sold, the sales practices and the suitability analysis. Firms should focus on making sure no information released is misleading and that there are provisions against fraud. There should be a real emphasis on policies to create guidelines that can be shown and proven to the SEC.
HFMWeek Catches Up with Eze Castle Integration’s Managing Director, Vinod Paul, To Discuss How Technology Can Help Tackle the Challenges Facing Hedge Fund Start-up Firms.
HFMWeek (HFM): Are you seeing a healthy market for new hedge fund launches in the US?
Vinod Paul (VP): 2013 and 2014 were very strong years for start-ups in the US. Our US pipeline is also quite healthy for 2015 in terms of start-ups, which is a little different to Europe, where there aren’t as many launches. In terms of overall US business, 50% of the clients we brought on in 2014 were start-ups; this is up from 40% in 2013. There are several factors that have contributed to this, some that we cannot control, such as how the wider market performs. Institutional money coming back into the market is causing some of the start-up activity. Many of the start-ups we have been able to bring on were funded by larger institutions. HFM: How are today’s start-up funds different than those from five years ago?
It’s officially 2015! With the New Year upon us it is important to set new goals for the future. In today’s post, we offer five resolutions hedge funds should consider to help pave the pathway for another prosperous year.
Resolution #1: Prepare for Cybersecurity
In 2014, hedge funds were revamping their IT policies and upgrading their methods of preventing, detecting and responding to cyber threats. However, this push to overhaul and enhance security was largely reactive to the several breaches we witnessed in 2014. Among those companies affected were Sony, Target, JP Morgan Chase and Home Depot. In 2015, we predict cybersecurity will remain at the forefront of headlines. That being said, hedge funds should prepare ahead of time and have detailed information security policies in place.
Resolution #2: Avoiding Common Cloud Mistakes
When it comes to hedge fund operations and technology, there is no margin for error. Common mistakes range from not sizing bandwidth adequately to business needs to not planning proactively for applications and assuming deep security safeguards are in place. Hedge funds that take the proper precautions and do their research when cloud shopping save themselves from preventable stress and inflated issues down the road.
It’s been quite a year, and as always, it’s hard to believe it’s over. In 2014, Hedge IT continued to thrive in its goal to provide advice and insight into hedge fund technology and operations. The financial services industry is evolving at a rapid pace, and we’re evolving our topics and conversations to keep up. Across 100 blog posts this year (not including this one), almost half of them – 49 to be exact – addressed the topic of security, which is undoubtedly one of the single most important focus areas for hedge funds and investment firms today. In addition to security, we covered everything from tips for starting a hedge fund to avoiding cloud mistakes to hiring for IT roles.
Looking ahead to 2015, we plan to keep the conversations tuned in to what really matters to hedge funds when it comes to technology, and we’ll share as much content as we can in as many formats as we can. But before we get too ahead of ourselves – it’s not quite 2015 yet – let’s take a look back at 10 of our most popular blog posts from 2014.
When it comes to the cost of a successful data breach, the ensuing ramifications are not limited to monetary loss. A firm’s confidential information, customer trust and overall operations are all at risk of being compromised. To protect their data and systems from cyber-attacks and breaches, it is critical that firms become as secure as possible.
Raising the Bar
Over the past year, we have witnessed more firms strengthening their security measures in an effort to comply with industry regulations as well as the SEC cybersecurity expectations. Additionally, we’ve seen an increase in frequency and sophistication of both data theft and cybercrime. A study by Risk Based Security revealed that within the first nine months of 2014 there were 1,922 data breaches reported and 904 million records exposed. Four of those incidents have made the Top Ten All time Breach List and three hacking incidents combined were accountable for nearly sixty percent of exposed records. Today, most hedge funds are aware of the severe negative effects a security breach can cause; however, gaining this knowledge may have been a tough lesson to learn.
As hedge funds and investment management firms shore up security practices in an effort to comply with the SEC cybersecurity expectations and other industry and investor standards, it can become overwhelming to sort out what's required and how firms should go about achieving compliance. It can also be easy to make mistakes. We asked Eze Castle's Business Continuity and Data Privacy Manager, Lisa Smith, to tell us about some of the common information security mistakes she witnesses firms make and how to avoid them in the future. Here are some of the key questions Lisa answers:
Where are you seeing the most deficiencies in cybersecurity preparedness?
What goes into an effective Written Information Security Plan?
What common mistakes do you find firms are making when it comes to information security safeguards?
Take a look at Lisa's answers!
In it's fourth year running, our Global Hedge Fund Technology Benchmark Study reveals the top technology systems and applications used by investment management firms around the world. And while we aren't due to officially release the results until tomorrow - register for our webinar to hear them live - we thought we'd share a little sneak peek in the form of an infographic.
Take a look below and discover how your hedge fund and investment management firm peers are using technology to power their firm operations.
Categorized under: Hedge Fund Due Diligence Launching A Hedge Fund Cloud Computing Security Hedge Fund Operations Hedge Fund Regulation Infrastructure Communications Outsourcing Software Trends We're Seeing Videos And Infographics
When it comes to cybersecurity defenses, this isn’t a fantasy league. The threats are real and growing in sophistication for the hedge fund and alternative investment industry. In today’s blog, we will discuss how to prepare your firm’s defense for external attacks and internal breaches.
Cybercrime works like a defensive team that studies their opponents and plays and can make midgame adjustments. The only true way to thwart an incident is to establish a layered security program to safeguard against attacks and vulnerabilities of all kinds. Football teams share a similar composition, as there are defensive tackles and ends, cornerback and safety roles. You need to ensure your infrastructure is highly secure and cannot be penetrated by external attackers or easily manipulated by internal threats.
Last week, we co-hosted another exciting Hedge Fund Startup event with KPMG in New York and had a great turnout of fund managers looking to learn more about everything from legal and tax implications to technology must-haves and capital raising strategies.
Since technology is clearly our forte, we wanted to share some of the key takeaways from our “Achieving Institutional-Grade IT” panel, featuring speakers from Evercore Partners, Bank of America Merrill Lynch and, of course, Eze Castle Integration. Here are the highlights:
State of Emerging Manager Market
The hedge fund startup market is healthy, and investors’ appetite for emerging managers is strong
Investors are attracted to nimbler, hungrier nature of emerging managers.
Key Priorities for Startups in 2014/2015
Select the right service providers to support your business.
Understand your firm’s vulnerabilities and exposures.
The operational due diligence process is changing, therefore firms need to understand the protections they have in place to secure investor assets.