It has been said that cyber weapons can be as dangerous as weapons of mass destruction. To emphasize this, at last night’s FBI Citizens Academy seminar on cyber security in financial markets, the speaker noted that if you take out an industry (think financial, teleco) you can cripple an entire country.
But just how would this happen? What’s in a hacker’s tool kit? Quinn Shamblin, executive director of information security at Boston University, provided a glimpse into the cyber security underworld.
Targeting Your Favorite Device
Let’s start with Mobile Device Security. Hackers are shifting their focus and resources to mobile devices. They recognize that a user’s life is virtually encapsulated on his/her mobile device. From contacts and email to documents, passwords and banking apps, mobile devices now hold as much as or more personal information than PCs or laptops. And most devices do not have anti-virus/malware software installed.
Just last Friday, Apple released a critical update to its iOS 7 operating system after a flaw was identified that could give an attacker with a privileged network position the ability to capture or modify data in sessions protected by SSL/TLS (aka public key encryption). Following that announcement, researchers at a cyber security firm (FireEye) published a proof of concept for a surveillance app that, if created and distributed by hackers, could capture every tap on an iPhone’s screen. The information captured, including passwords and credit card numbers, would be accessible to the attacker. These are just two examples of the cyber security threats facing mobile devices. Users need to be aware that these threats exist and practice smart computing on all devices.
In honor of our 400th post on here on Hedge IT (400 - wow!), we are celebrating with our annual blog awards. We've gathered the most popular articles according to our readers and included a few of our personal favorites, too.We hope you enjoy!
Have you been enamored by the coverage of the Winter Olympics the last two weeks? We sure have. And watching all of these great sports we don’t normally get the chance to witness got us thinking – there are a lot of similarities between technology and Olympic sports. They’re both complex in many ways and require experts (engineers and athletes) who are the best of the best at what they do.
One of our favorite sports to watch is curling. And we couldn’t help but notice that Olympic curling and the private cloud are a lot alike. Don’t believe us? Take a look.
Both are safe and secure.
Let’s be honest: curling clearly presents the least amount of danger and lowest risk for injury at the Winter Olympics. Skiing and snowboarding? We’ve seen our fair share of wipeouts this year. Bobsled, luge and skeleton? Those are terrifying enough just as a spectator. Even figure skating poses a risk when skaters are leaping and twizzling left and right.
But curling? Extremely safe. Athletes can be fairly certain – whether they are curling or sweeping – that they will come out of the event unscathed.
Effectively managing liquidity and reporting within investment portfolios has been a struggle for fund of funds, institutional investors, pensions and endowments. No manager wants to in a position where their investor liquidity does not match portfolio liquidity but at the same time firms are trying to offer investors more frequent liquidity options as a competitive edge. In some case, investors are even asking for no liquidity limits.
To adapt to the changing liquidity risk landscape, firms are selecting portfolio management systems from companies like Ledgex Systems. Recently, Ledgex released the next generation of its portfolio management platform that delivers new liquidity management and manager research modules. These new tools give firms real-time visibility into their existing and proposed portfolio liquidity options while providing the research and analytics that support the manager selection process.
The Ledgex Liquidity module provides an advanced liquidity modeling utility and reporting engine, which can generate all available options for accessing assets given certain conditions by processing each tranche and their respective trade characteristics with a manager’s liquidity terms. Ledgex can model 90% of the manager liquidity terms used in the industry.
In honor of Valentine’s Day tomorrow, we are continuing our tradition of spreading the love to those who need it the most.
Categorized under: Trends We're Seeing
Managing technology at a hedge fund can be complex and time consuming, but not when you’re on the Eze Private Cloud. Adding new investment applications is a cinch, IT costs are predictable and security is robust.
Watch our new video to see what it feels like to be on the Eze Private Cloud:
Investment risk plays an important role in the life of a hedge fund manager, but technology risk should not. When it comes to your firm’s technology systems and operations, you want things to run efficiently, not add more stress to your already crowded plate.
Mitigating technology risk is a critical step to ensuring your hedge fund operates smoothly and successfully. Following are a few areas to keep in mind as you evaluate your firm’s technology risk:
Layers of Redundancy
One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecomm lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure.
Notice anything different? That’s right, your favorite hedge fund technology blog got a facelift, and we didn’t stop there -- we overhauled our corporate website too. Our goal with the overhaul was to make it even easier for visitors to get the valuable information they expect from the industry’s technology leader (us!). We hope you like it.
Now on to today’s hot topic. The U.S. Securities and Exchange Commission (SEC), at a recent industry event, said that they plan to examine the cybersecurity policies and procedures asset managers have in place to prevent and detect cyber attacks.
Specifically, according to Reuters, SEC national associate director Jane Jarcho said, “We will be looking to see what policies are in place to prevent, detect and respond to cyber attacks [and] we will be looking at policies on IT training, vendor access and vendor due diligence, and what information you have on any vendors."
Some have indicated that the SEC cybersecurity exams could be coming by late-September 2014. In many cases they will be conducted as part of the SEC's routine examinations of investment companies, however, Jarcho advised that inquiries could be done as separate exams.
Last week, we kicked off our 2014 webinar series with our first topic, “Security Incident Response Priorities: How to Prepare Your Firm Before a Breach Occurs” featuring our own VP of Technology, Steve Schoener, along with eSentire’s Chief Technology Officer, Eldon Sprickerhoff. Topics discussed included common threat actors and potential security scenarios to be aware of as well as the importance of planning a response to such attacks.
A Quick Brief
In 2012, IBM reported that companies were attacked an average of 2 million times per week, and unfortunately, the statistics aren’t declining anytime soon. It’s no longer “what if” a security breach or cyber-attack occurs, but when and how it will occur. With targeted attacks that are bypassing existing security infrastructures, the topic of security has become even more important to all firms.
The most common security threat actor lately has been attacks from criminal organizations, most notably international occurrences. Criminal organizations are out for profit and the most difficult to track down, especially in international instances. There has been less impact from Nation States, but these are still threats to be cautious of, along with insiders and hacktivists.
Categorized under: Security
At the end of last year, we predicted security would continue to be a hot topic in 2014 - and our experts agree. It's still such an important topic for hedge funds and investment firms to be educated on that we even dedicated our first webinar of the year to it.
Expert speakers from Eze Castle Integration and eSentire spoke earlier today about security incident response priorities and offered best practices for investment firms looking to plan before a security breach occurs.
Watch the video below and learn more about the three critical phases of security incident management: