Over the years, cybercrime has evolved, matured and increased in frequency. Target groups vary from case to case and victims range from big merchants and high-end retailers to celebrities and common folk. On the eve of Halloween, we’ve dug up some of the scariest cyber-attacks in 2014.
One of the more innovative hacks in recent years started making headway in Great Britain in September 2013. CryptoLocker utilizes malware to encrypt and freeze victims’ sentimental and valuable files on infected computers. After successfully locking the computer, a ransom note appears on the victim’s screen demanding money in return for their files. If the victim fails to make payment, the computer remains locked and files are unsalvageable.
More than $100 million in losses were attributed to the cybercriminals’ schemes as well as hundreds of thousands of infected computers. Computer security companies estimate that CryptoLocker infected over 234,000 computers worldwide, including more than 100,000 in the United States.
At Eze Castle Integration, we invest in our employees and are committed to expressing how much we value them.
Recruiting and retaining the technology industry’s top talent is what makes Eze Castle Integration a great place to work. We provide our employees with the tools to succeed, including trainings on the latest technologies and the opportunity to showcase their newly acquired skills on a daily basis. To help our employees build lifelong careers, we offer global opportunities for professional growth and career enhancement.
We're excited to premiere our latest video below, featuring some of our very own employees. Check it out and see why our team thinks Eze Castle Integration is a great place to work.
Preparing for Ebola: A Review of the Outbreak, its Economic Impact, and Business Continuity Considerations
This year’s outbreak of Ebola in West Africa is the worst that has ever been recorded. The disease typically occurs in outbreaks in tropical regions of Sub-Saharan Africa. In the short span of a year, the virus, which is affecting Guinea, Sierra Leone, Liberia and Nigeria, has resulted in nearly 3,500 deaths.
In this article, we will look at where this outbreak started and the economic impact it has had both in Africa and internationally. We will also highlight the issues that businesses need to consider as this epidemic continues to expand.
Where Did Ebola Come From?
A report published in the New England Journal of Medicine suggests that Ebola’s Patient Zero (the initial patient of an epidemic) was most likely a 2 year-old boy living in southern Guinea. Unfortunately, the boy became very ill and died on December 6th 2013. Several close relatives died shortly thereafter. After the funerals, some of the attendants became ill. Following established patterns of close contact with the sick, the disease began spreading to other villages, then across the borders into Liberia and Sierra Leone. It wasn’t until March 2014 that the international aid agency MSF (Doctors Without Borders) became aware of the new Ebola outbreak and immediately got involved. In early August, the World Health Organization (WHO) declared “an international public health emergency”. On September 30th, the first case of Ebola was diagnosed within the United States.
At this time, the CDC is making both “best-case scenario” and “worst-case scenario” predictions of the total number of cases expected through January 1st 2015. Unfortunately, the predictions range from 11,000 to well over 1 million cases.
The following article is from guest contributor Raj Bakhru, CFA, Chief Executive Officer at Aponix Financial Technologists.
At Aponix Financial Technologists, we often find ourselves speaking to our clients about the risks around USB storage device access of external drives or USB keys. While convenient file transfer tools, they can also be quite dangerous to a firm's operations. Our arugment for blocking access historically has been two-fold:
Intellectual Property (IP) concerns: It's obviously very easy for confidential or proprietary data to leave the firm via USB keys.
Malware concerns: It's easy for infected malware to enter the firm via files existing on a USB key brought from home or other unmanaged or unprotected systems.
Earlier this month, though, the "BadUSB" exploit was released to the public. A few months ago, white hat (ethical) hackers demonstrated that USB key firmware could be overwritten and effectively sabotaged to allow the USB key to perform some very malicious actions, e.g. taking control of the computer's mouse and keyboard, among other things. USB keys affected by this exploit become weapons of destruction and data breaches, and, as the hackers demonstrated, the malicious code can be extremely well-hidden on the USB key. In fact, given the exploit resides on the USB key's firmware, deleting all the contents of the USB key has no impact on removing the malicious code. It is currently unknown how many USB devices suffer from this vulnerability, but the expectation is that it will be years before device manufacturers correct devices and the existing vulnerable devices are no longer in use.
Categorized under: Launching A Hedge Fund
In any relationship, when things are good, they’re usually pretty good. And when things are bad, sometimes they are really bad. There may come a point when you need to evaluate whether you’re still a good fit together.
Just like with a romantic relationship, your firm’s connection to a service provider (especially an infrastructure/cloud provider you rely on daily) should be strong enough to withstand a few hiccups and healthy enough to warrant open communication at all times. In some cases, it might be clear that you’re in a good place and moving forward together, but sometimes there are sure signs it’s time to call it quits.
Here are a few of those signs:
1. Your provider’s service levels are not up to snuff.
Maybe you recently experienced a major service outage or find that you not-so-conveniently have to work around confusing and interrupting maintenance schedules during work hours. You’re constantly frustrated and don’t feel like you are receiving the level of support that was agreed to – both verbally and as part of your Service Level Agreement (SLA).
Your SLA should clearly indicate the uptime standard (e.g. 99.995% availability) as well as repercussions to any breaches in the contract (for example, service credits) and associated RPOs if disaster recovery is involved
We are excited to be sponsoring the 2014 EzeSoft Client Conference later this week in Boston. For those of you who aren’t familiar, Eze Software Group is the owner of the order management system, Eze OMS, which is frequently used by hedge funds and asset managers across the globe.
As a preview to this week’s conference, we thought we’d dial it back to basics a little and explain exactly what an order management system is and why it’s a critical piece of software for many investment management firms today.
On our recent Hedge Fund Marketing and Due Diligence webinar we looked at how the hedge fund investor due diligence process is evolving especially in terms of scrutiny on technology processes and security safeguards.
The reality is that investors have a greater understanding of technology, are asking more probing questions and care about the responses they receive. We’ve even heard investors say that deficiencies in IT infrastructure and security contributed to the decisions to redeem from or not invest in a fund.
So at Eze Castle Integration we regularly assist our hedge fund clients in completing the IT portions of investor due diligence questionnaires. The wording of questions varies but here is a handy list of 51 common IT due diligence questions we see.
Provide an organization chart for the Company, its affiliates and key personnel.
Provide the physical address and general contact information for each of the Company’s office locations.
Provide the name and contact information of the Company employee(s) assigned to the client’s account(s).
Provide a list of compliance personnel, their roles and qualifications, the date of his/her appointment and position within the Company’s organizational structure.
As more and more firms compete for investor attention and allocations across the financial services industry, differentiation becomes a critical consideration. And the promise of positive returns is not always enough to secure investments in today's competitive marketplace. Now more than ever, investment firms must push the boundaries in an effort to impress and satisfy new and existing investors and emerge as premier firms. Two ways in which firms can deliver on this are through marketing and technology.
Last week, Eze Castle collaborated with Meyler Capital, a hedge fund marketing firm, to deliver a webinar on Hedge Fund Marketing Tips to Impress Investors and Raise Capital. Scroll down to watch the full replay or continue reading our brief recap.
This article first appeared in Hedgeweek's September 2014 Special Report on Risk Management.
Cyber security has quickly become a headline risk for hedge fund managers. On 15 April 2014, the SEC issued its Cyber-Security Risk Alert, a detailed 26-point questionnaire that aims to address various elements of a hedge fund’s technical and operational infrastructure to determine how vulnerable it is to cyber attacks and data theft.
This initiative is being driven by the SEC’s Office of Compliance Inspections and Examinations. It will assess 50 individual firms and based on its findings will draft a set of final guidelines for hedge funds to adhere to. This is essentially a way to address ‘technology risk’ and implement best practices through documentation in the form of a Written Information Security Policy (WISP).
According to Assured SKCG Inc, an insurance advisory firm, 37 per cent of security breaches between 2012 and 2013 affected financial organisations. Hedge funds are a high profile target. Establishing a WISP and becoming as data secure as possible is critical.
At Eze Castle Integration, the phones haven’t stopped ringing as clients look to address any gaps in their IT infrastructure and operational policies.
The North American Securities Administrators Association (NASAA) recently released survey results of cybersecurity practices of 440 registered investment adviser firms across nine states. The purpose of NASAA’s pilot project was to better understand cybersecurity practices of state-registered investment advisers, how they communicate with clients and what types of policies and procedures they currently maintain. Of those surveyed, 47% have assets under management of less than $25 million, 37% manage more than $25 million and 16% do not manage assets. In today’s post, we will share our favorite graphics and findings from the organization’s survey.
Client Contact via E-mail and Use of Secure E-mail
NASAA's survey reported 92% of investment firms contact clients through e-mail and/or other electronic messaging and only 54% of that group utilizes secure email. While 14% were unsure, a staggering 30% responded that they did not utilize secure messaging whatsoever.