In the context of information technology, social engineering refers to the act of tricking people into divulging confidential or sensitive business information, and breaking security policies. This form of attack infiltrates companies by targeting their weakest access point, which predominantly is a firm’s employees.
The Art of the Phishing Con
Let’s examine a popular technique for social engineering known as phishing. In a phishing scheme, the hacker broadly disseminates a fraudulent email with aim to acquire sensitive data, such as, login credentials, IT resources or banking information. The message may request the recipient to submit personal information or to click on a link embedded with malware. Although this approach rarely dupes sophisticated users, a distracted employee could make one mistake and compromise a firm’s entire network.
In its 2015 priorities, the SEC’s Office of Compliance Inspections and Examinations (OCIE) listed cybersecurity as a key focus area in its risk-based assessments. Then on February 3, 2015, OCIE released summary findings from its Cybersecurity Examination Sweep.
OCIE’s sweep focused on written documentation for their assessment and conducted "limited testing" of the accuracy of the responses. They did not review the technical sufficiency of the firms’ programs either. OCIE’s reliance on documentation highlights the importance of complete Written Information Security Policies.
Following are noteworthy items Eze Castle Integration observed in reviewing the findings.
Most firms adopted written information security policies, but 43% of advisers did not conduct periodic audits to determine compliance with these information security policies and procedures.
49% of advisers did not discuss mitigating the effects of a cybersecurity incident and/or outline the plan to recover from such an incident in their written business continuity plans.
The vast majority of examined firms conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences. However, only 32% of advisers require cybersecurity risk assessments of vendors with access to their firms’ networks.
In the Written Information Security Plans (WISP) Eze Castle Integration creates for clients, we include service provider risk assessments as a standard element.
With a new year comes new regulations for hedge funds and investment firms. Earlier this week, Eze Castle Integration hosted a webinar during which Ricardo Davidovich, partner at Haynes & Boone LLP shared his insight into the Securities and Exchange Commission’s (SEC) new examination priorities as well as reoccurring themes firms should expect to see play out through the year.
What’s New in 2015
One priority for examinations this year is the focus on retail investors. Davidovich says that “hedge funds, which in [the SEC’s] mind have historically been an exclusive and private club, are being sold to the retail and consumer client base.” Meaning they will be taking a closer look at the types of fees being sold, the sales practices and the suitability analysis. Firms should focus on making sure no information released is misleading and that there are provisions against fraud. There should be a real emphasis on policies to create guidelines that can be shown and proven to the SEC.
As technology changes, it can become overwhelming to keep up with. That’s why we’ve decided to take a step back in today’s blog article to go over some of the basic vocabulary involved in cloud computing. Here are 10 terms to get you started:
Services or applications that are hosted in a web-based repository known as the “cloud”; the service is often hosted by a third-party provider who then provides access to that service to users on an on-demand basis via a network connection. This alleviates that firm from having to purchase and maintain costly infrastructure in-house.
A facility used to house computer systems and associated components, such as telecommunications and storage systems; typically includes redundant or backup power supplies, redundant communications connections, environmental controls and security features. The Update Institute classifies data centers into four tiers based on the percentage of availability and uptime.
Today we released a new whitepaper that looks at a growing trend we are seeing -- billion dollar hedge funds and investment firms moving to the cloud. Here is a sneak peak at the paper's content as well as a video interview with Bob Guilbert on why firms should read, Why the Billion Dollar Club is Headed to the Cloud.
It’s More Than Managing Money
There’s more competition in financial services than ever before. Every week, new and agile boutique firms sprout up, armed with proprietary models and the right technology foundation to compete – intensely – with the major players for billions of investment dollars. Firms of every size are competing to deliver broader ranges of increasingly exotic instruments, specialized funds, and high-performance investments that deliver competitive returns to investors whose demands and expectations continue to climb.
But when it comes to performance and success in financial services, there’s more to evaluate than just the hard numbers. Returns alone aren’t enough. Today, savvy firms know they need to deliver more. In a post-Madoff, post-2008 world, the SEC and FINRA – and investors as well – are scrutinizing all corners of the operation. There’s an increased focus on how operational risk is managed and how firms respond to greater demands for transparency. That means it’s more important than ever for firms to deploy and maintain robust, scalable, and secure technology infrastructures.
Moving to the cloud is one of our favorite topics here on Hedge IT, and there is a compelling argument for hedge funds and alternative investment firms to consider leveraging the cloud for some or all of their infrastructure. INDOS Financial, an independent Alternative Investment Fund Managers Directive (AIFMD) depository based in London is one firm that chose to utilize the private cloud for their growing firm, and we’re excited to share their experience with you.
Watch the video below for an interview with Bill Prew, CEO and founder of INDOS Financial, as he talks about selecting the right technology infrastructure for his firm’s increasing demands.
Have you been enamored by the coverage of the Winter Olympics the last two weeks? We sure have. And watching all of these great sports we don’t normally get the chance to witness got us thinking – there are a lot of similarities between technology and Olympic sports. They’re both complex in many ways and require experts (engineers and athletes) who are the best of the best at what they do.
One of our favorite sports to watch is curling. And we couldn’t help but notice that Olympic curling and the private cloud are a lot alike. Don’t believe us? Take a look.
Both are safe and secure.
Let’s be honest: curling clearly presents the least amount of danger and lowest risk for injury at the Winter Olympics. Skiing and snowboarding? We’ve seen our fair share of wipeouts this year. Bobsled, luge and skeleton? Those are terrifying enough just as a spectator. Even figure skating poses a risk when skaters are leaping and twizzling left and right.
But curling? Extremely safe. Athletes can be fairly certain – whether they are curling or sweeping – that they will come out of the event unscathed.
They say a picture is worth a thousand words so here is an infographic of our 2013 Global Hedge Fund Technology Benchmark Study that explores the most common front, middle and back office applications and technology used at today's hedge funds.
Data center facilities are at the heart of any cloud offering and, as such, are getting more scrutiny as hedge funds evaluate who the right cloud provider is for them.
Earlier this year we created a pretty infograpic that mapped what firms should look for in a colocation facility. Remember this?
Since not everyone loves infograpics, we decided to spell out what we look for in a colocation facility. Our due diligence is extensive, but here are some of the high points.
Ownership, Operation & Support: Eze Castle Integration seeks a colocation facility that is owned and operated by a reputable organization with vast industry knowledge and experience. Additionally, the personnel and client support must be of the highest quality in order to ensure that all Eze Castle colocation clients receive the best service and support possible.
This week Opalesque Radio featured an interview with Bob Guilbert, managing director here at Eze Castle Integration, on addressing operational challenges facing hedge funds with cloud solutions.
The 9:30-minute podcast covers a range of topics. You can listen to the full podcast HERE, just jump to the sub-features that interest you most below.