In case you missed it, this week the Pentagon released its Annual Report to Congress looking at the military and security developments involving China. According to the New York Times, the report is virtually the first time “the Obama administration has explicitly accused China’s military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map 'military capabilities that could be exploited during a crisis.'"
The report states that cyberwarfare capabilities could serve Chinese military operations in three key areas.
- First and foremost, they allow data collection for intelligence and computer network attack purposes.
- Second, they can be employed to constrain an adversary’s actions or slow response time by targeting network-based logistics, communications, and commercial activities.
- Third, they can serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict.
Yesterday, we hosted a webinar, “Going Social: What Investment Firms Need to Know about Social Media Compliance” along with Global Relay, an Eze Castle Integration partner and provider of enterprise message archiving and monitoring services. Global Relay's vice president of sales, Bryan Young, and our own vice president of marketing, Mary Beth Hamilton, discussed a range of topics including the changing SEC guidance on social media, compliance requirements for hedge funds and key components of instituting a social media policy at an investment management firm. Read on for a recap of the event, or watch the full replay now.
Next week – Tuesday, May 7 through Friday, May 10 to be exact – one of the largest annual gatherings of investment management professionals will be taking place at the beautiful Bellagio Las Vegas. The SALT Conference will feature over 100 expert speakers participating in 36 panel discussions, individual speeches and breakout seminars throughout the four-day event. The focus of this year’s conference is on macro-economic trends, the political environment and opportunities for alternative investment firms within the context of the global economy.
As in past years, the SALT Conference is sure to be a who’s who of industry professionals. Past keynote speakers have included such notable names as Bill Clinton, George W. Bush, Al Gore, Mitt Romney, Colin Powell and Tony Blair. Who is on the docket to speak this year? What will the specific discussions and hot topics be? Following are some highlights we’re looking forward to at next week’s event.
On 19th March, the Eze Castle Integration team in London hosted their first-ever Hedge Fund Cloud Summit at the Prince Philip House.
Eze Castle Integration along with leading experts in the financial services industry - INDOS Financial Limited, Morgan Stanley Prime Brokerage, Bloomberg, Credit Suisse Prime Services, Lucidus Capital Partners LLP, Portman Square, LLP, eSentire, Global Relay, and Simmons & Simmons - came together to provide a half day educational seminar featuring a wealth of information on the cloud to over 100 hedge fund and alternative investments firms.
Last week, we hosted a webinar with eSentire on best practices for managing security risks. eSentire is the leading managed security service vendor protecting 25% of the global hedge fund market by AuM. During the webinar, the company's director of marketing, Mark Sangster, and our own vice president of client technology, Steve Schoener, explored topics including the scope of cyber threats, the anatomy of a cyber attack, continuous security monitoring and security policies and procedures for hedge funds to consider. Read on for a full recap of the information covered during the event.
Yesterday our VP of client technology, Steve Schoener, presented on a California Hedge Fund Association webinar about building an institutional infrastructure at today’s hedge funds. A lofty topic (so consider this a basic primer), Steve focused on four key discussion areas, which we’ll recap here. They were:
Investor Expectations of IT
On-premise & Cloud solutions: Which is right?
Security Risks & Best Practices
Disaster Recovery How-Tos
You can watch the 30-minute webinar now or keep reading below.
As you’re probably aware, the topic of cybersecurity has been splashed prominently across headlines lately. Earlier today, the US director of national intelligence, James Clapper, identified cybersecurity as the top global threat – even more treacherous than terrorism.
In his testimony before the Senate Intelligence Committee, Clapper cited several attacks on banking websites where sensitive customer data was compromised, as well as a security breach at an oil company that resulted in the destruction of 30,000 computers. If hackers are capable of such large-scale, damaging attacks, could investment management firms be at risk? What should you be doing to better protect your firm’s critical systems and data?
The truth is both large, well-established hedge funds and smaller startups are equally at risk of intrusion. Hackers may target large firms because they see an opportunity to profit from their substantial asset pools. Additionally, they might be after the notoriety associated with successfully hacking a well-known fund’s critical systems, especially in cases that will likely garner media attention. For smaller funds, hackers are likely after intellectual property, namely business plans, market forecasts and investment strategies.
Today we released our Best Practices for Managing IT Security Risks: A Hedge Fund Manager’s Guide, which we developed with eSentire. Following is a sneak peak of the guidance included in the 10-page guidebook. Assuming we have whet your appetite, you can download the entire guidebook here or attend our upcoming webinar on the topic (register here).
Managing Security Threats Facing Hedge Funds
Most successful cybersecurity attacks in today’s environment occur via three different methods: malware via email, malware via a website download (drive-by download or man-in-the-middle) and transfer via USB. In most cases, an employee will download an unsuspecting virus or open an unsuspecting email, triggering a malware attack that could open the door for further intrusion. Alternatively, a trend becoming more common is the threat of employees transferring information onto USB drives (whether knowingly or unknowingly), resulting in an internal security breach. Externally –and regardless of the intrusion method – attacks typically follow a similar path from start to finish. Global security firm Lockheed Martin has identified steps to what they call the “cyber kill chain.”
- Reconnaissance: Collecting information and learning about the internal structure of the host organization
- Weaponization: How the attacker packages the threat for delivery
- Delivery: The actual delivery of the threat (via email, web, USB, etc.)
- Exploitation: Once the host is compromised, the attacker can take advantage and conduct further attacks
- Installation: Installing the actual malware, for example
- Command & Control: Setting up controls so the attacker can have future access to the host’s network
- Actions or Objections: The attacker meets his/her goal (e.g. stealing information, gaining elevated privileges or damaging the host completely)
Happy New Year everyone!
2013 is off and running, and the time has come to look ahead and set goals for your investment firm to ensure a successful and prosperous year. Many of the resolutions we recommended last year still hold true, including testing your disaster recovery system, reviewing and evaluating all telcom contracts, ensuring your business continuity plan is SEC-compliant and performing a comprehensive IT systems audit.
This year, it’s time to take those resolutions to the next level. We asked some of our internal experts here at Eze Castle to share some important resolutions hedge funds could consider making for 2013. Here’s what they had to say:
Here we are again – at the end of another year and recapping some of the best and most popular posts from the Hedge IT Blog in 2012. This year, we spent a lot of time talking about cloud computing, security, and disaster recovery, among other topics.
As always, we welcome your feedback and would love to hear your suggestions for future articles on Hedge IT. In the meantime, we’ll continue to bring you new and interesting posts related to all of your favorite hedge fund technology topics.
At last, here is a recap of our most popular blog articles of 2012:
This year, we undertook a research study surveying 130 hedge funds and alternative investment firms in regards to their adoption of cloud technology. The results revealed that more than eight out of ten investment firms are either currently using or planning to use cloud computing services in the near future. This shift towards the cloud signifies a major trend in the financial services space as firms look to move away from costly on-premise technology infrastructures. You can download the complete survey report here.
Categorized under: Cloud Computing Business Continuity Planning Disaster Recovery Hedge Fund Due Diligence Hedge Fund Operations Hedge Fund Regulation Help Desk Infrastructure Outsourcing Security Trends We're Seeing
- New Considerations for Launching a Hedge Fund: Insights from the experts
- Corporate Essentials for Successful Hedge Fund Startups
- Recapping a Busy Week in Cyber Security Across the Globe
- What Do Hedge Fund Investors Ask About IT? A Technology DDQ cheat sheet
- Webinar Recap: What Investment Firms Need to Know about Social Media Compliance
- business continuity planning
- cloud computing
- data loss prevention
- disaster recovery
- eze castle milestones
- hedge fund due diligence
- hedge fund marketing
- hedge fund operations
- hedge fund regulation
- help desk
- high frequency trading
- launching a hedge fund
- privacy compliance
- project management
- real estate
- startup & relocation
- trends we're seeing
- videos and infographics