It has been said that cyber weapons can be as dangerous as weapons of mass destruction. To emphasize this, at last night’s FBI Citizens Academy seminar on cyber security in financial markets, the speaker noted that if you take out an industry (think financial, telecom) you can cripple an entire country.
But just how would this happen? What’s in a hacker’s tool kit? Quinn Shamblin, executive director of information security at Boston University, provided a glimpse into the cyber security underworld.
Targeting Your Favorite Device
Let’s start with Mobile Device Security. Hackers are shifting their focus and resources to mobile devices. They recognize that a user’s life is virtually encapsulated on his/her mobile device. From contacts and email to documents, passwords and banking apps, mobile devices now hold as much as or more personal information than PCs or laptops. And most devices do not have anti-virus/malware software installed.
Just last Friday, Apple released a critical update to its iOS 7 operating system after a flaw was identified that could give an attacker with a privileged network position the ability to capture or modify data in sessions protected by SSL/TLS (which relies on public key encryption). Following that announcement, researchers at a cyber security firm (FireEye) published a proof of concept for a surveillance app that, if created and distributed by hackers, could capture every tap on an iPhone’s screen. The information captured, including passwords and credit card numbers, would be accessible to the attacker. These are just two examples of the cyber security threats facing mobile devices. Users need to be aware that these threats exist and practice smart computing on all devices.
Investment risk plays an important role in the life of a hedge fund manager, but technology risk should not. When it comes to your firm’s technology systems and operations, you want things to run efficiently, not add more stress to your already crowded plate.
Mitigating technology risk is a critical step to ensuring your hedge fund operates smoothly and successfully. Following are a few areas to keep in mind as you evaluate your firm’s technology risk:
Layers of Redundancy
One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecom lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure.
At the end of last year, we predicted security would continue to be a hot topic in 2014 - and our experts agree. It's still such an important topic for hedge funds and investment firms to be educated on that we even dedicated our first webinar of the year to it.
Expert speakers from Eze Castle Integration and eSentire spoke earlier today about security incident response priorities and offered best practices for investment firms looking to plan before a security breach occurs.
Watch the video below and learn more about the three critical phases of security incident management:
I know, I know, we say it every year. But can you believe another year has come to an end? Even more amazing? We’ve now been bringing you fresh content on Hedge IT for nearly four years – including close to 400 articles! As we look ahead to 2014, we want to extend a huge THANK YOU to our loyal Hedge IT readers and hope you’ll stick around to see what we have up our sleeves in the New Year. Here’s a hint: it may even include a fresh new look...
With that said, as we do every year, let’s take a look back at some of our most popular Hedge IT articles from 2013. Here are some of your favorites (and ours, too).
Back in September, we revealed the results of our 2013 Survey: Examining Cloud Usage within the Investment Management Industry. In conjunction with IDG Research, we surveyed more than 100 financial services firms and found that nearly all of them (87%) are using the cloud in some way. Other key findings included the dominance of the private cloud (74%) and the growing belief that the private cloud is just as secure as an on-premise infrastructure.
They say a picture is worth a thousand words so here is an infographic of our 2013 Global Hedge Fund Technology Benchmark Study that explores the most common front, middle and back office applications and technology used at today's hedge funds.
At last week’s Hedge Fund Launch 2.0 seminar, the topic of the malicious Cryptolocker malware that is circulating was highlighted as a wakeup call for why backup and security are nonnegotiable IT components. Questions abounded about this new evolution in malware so today’s post aims to address the who, what, when and where of Cryptolocker as well as a few other common Qs.
What is Cryptolocker?
Cryptolocker is a new variant of ransomware that restricts access to infected computers by encrypting their files and demanding that the victim pay the attackers a ransom in order to decrypt and recover them. Some versions of Cryptolocker can encrypt local files as well as external hard drives, network file shares and even cloud storage services that allow local folders to sync with online storage. The malware is severe and a real threat. If a company becomes infected and does not have its files backed up, the files may be lost.
At Eze Castle Integration we have had clients become infected. Thankfully, in these cases the clients had the appropriate backup systems in place and were able to restore the files to the pre-infection state. As of this time, the US-CERT says the primary means of infection appears to be phishing emails containing malicious attachments. The emails and their attachments may look legitimate, so it is important to remind users not to click on any email links if they do not know the sender.
As we look forward to 2014, we can expect that the hedge fund and investment management industry will continue to evolve and experience change as in years past. As more and more new funds launch, the competition for investors will increase and firms will be hard-pressed to live up to the successes of the top performing funds in the industry.
Earlier this week, we gathered several panels of experts in Boston to share their insights into the hedge fund landscape for startups in 2014 and the tips and advice for firms looking to compete in the changing marketplace. Following is a brief recap of the event.
Building a Hedge Fund is Like Building Any Successful Business
When starting a new firm, it’s critical to think about all aspects of forming a new business. Yes, your investment strategy is important, but if the foundation of your business is not critically thought out, it will wreak havoc for your firm. Following are a few areas you shouldn’t overlook as you go through the launch process.
Data center facilities are at the heart of any cloud offering and, as such, are getting more scrutiny as hedge funds evaluate who the right cloud provider is for them.
Earlier this year we created a pretty infographic that mapped what firms should look for in a colocation facility. Remember this?
Since not everyone loves infographics, we decided to spell out what we look for in a colocation facility. Our due diligence is extensive, but here are some of the high points.
Ownership, Operation & Support: Eze Castle Integration seeks a colocation facility that is owned and operated by a reputable organization with vast industry knowledge and experience. Additionally, the personnel and client support must be of the highest quality in order to ensure that all Eze Castle colocation clients receive the best service and support possible.
On April 8, 2014 two Microsoft products – Windows XP and Office 2003 – will reach "end of support". End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance for these products.
What Does This Mean?
End of support is significant for a number of reasons. First, this means that Microsoft will no longer be a support option should complex issues arise surrounding the software.
Secondly, Microsoft will no longer provide security hotfixes or any patches for these systems. This means that any security vulnerabilities left in these systems will no longer be addressed by Microsoft, and calls to its support line will not be handled.
The longer workstations keep running Windows XP and Office 2003, the more vulnerable they become to virus/malware/rootkit infestations and the greater the risk of data compromise.
Are you one of the millions of people pondering the answer to ‘what is hypervisor-based replication and how will it change my disaster recovery approach’? I know I was.
So, let me help you with that!
Our technology experts here at Eze Castle Integration spent some time in the lab testing and evaluating hypervisor-based replication and recently incorporated it into our Eze Disaster Recovery 2.0 offering. We think it delivers excellent benefits, but let’s start with the basics.
What is hypervisor-based replication?
TechTarget defines hypervisor-based replication as “a technology that automatically creates and maintains replicas of virtual hard disks or entire virtual machines (depending on the platform that is being used).” Analyst firm IDC goes on to say that this replication approach “protects virtual machines (VMs) at the virtual machine disk format file level rather than at the LUN or storage volume level, thus replication can be done without the management and TCO challenges associated with array-based replication.”