Hedge Fund Cybersecurity: Preparing Your Firm For an Intrusion
We hosted a webinar on hedge fund security and the internal and external threats firms should be aware of. Following is a short recap of the material presented by Eldon Sprickerhoff of eSentire – a leader in the managed security services space.
For hedge funds and their investors, the reality of cybersecurity threats is a serious one and one that must be proactively and consistently monitored. Investors today expect firms to take steps to thwart potential security threats, which means using vulnerability assessments and penetration tests to identify possible risks.
The truth is that most successful cybersecurity attacks in today’s environment occur via three different methods: malware via email, malware via download and transfer via USB. In most cases, an unsuspecting employee will download an infected file or open a malicious email, triggering a malware attack that could open the door for further intrusion. Alternatively, a trend becoming more common is the threat of employees transferring information onto USB drives (whether knowingly or unknowingly), resulting in an internal security breach.
Externally – and regardless of the intrusion method – attacks typically follow a similar path from start to finish. Global security firm Lockheed Martin has identified the steps of what it calls the “cyber kill chain”:
- Reconnaissance: Collecting information and learning about the internal structure of the host organization
- Weaponization: How the attacker packages the threat for delivery
- Delivery: The actual delivery of the threat (via email, web, USB, etc.)
- Exploitation: Once the host is compromised, the attacker can take advantage and conduct further attacks
- Installation: Installing the actual malware, for example
- Command & Control: Setting up controls so the attacker can have future access to the host’s network
- Actions on Objectives: The attacker meets his/her goal (e.g. stealing information, gaining elevated privileges or damaging the host completely)
While the steps may seem well thought-out and can be easily executed by an attacker, the benefit to understanding the cyber kill chain is that it gives the host a chance to counteract. The sooner into the cyber kill chain the host can identify the threat, the better chance it has of thwarting it.
And there are several options for thwarting attacks, depending on the stage in which the attack is identified. Mitigation activities on the host’s part can include: detection, denial, disruption, degradation, deception and destruction. Creating a course of action based on various scenarios and a firm’s current abilities to thwart attacks can gauge effectiveness against such intrusions and provide areas for improvement in a firm’s defense strategy.
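The course-of-action exercise described above can be made concrete by mapping a firm's existing controls onto the kill-chain phases and the six mitigation options, then looking for phases with no coverage and for the earliest phase at which the firm can detect an intrusion. The following is an added example, not code from the webinar or from eSentire; the control inventory is constructed for illustration.

```python
"""Kill-chain course-of-action coverage check (added example, not from the webinar).

Maps a firm's controls onto the seven kill-chain phases and the six courses of
action (detect, deny, disrupt, degrade, deceive, destroy) and reports the gaps.
"""

PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]
ACTIONS = ["detect", "deny", "disrupt", "degrade", "deceive", "destroy"]

# Constructed sample inventory: (control name, phase it addresses, course of action).
SAMPLE_CONTROLS = [
    ("email attachment filtering", "delivery", "deny"),
    ("web proxy block on executable downloads", "delivery", "deny"),
    ("patching of OS, Adobe, Java Runtime and browsers", "exploitation", "deny"),
    ("removal of local admin rights", "installation", "deny"),
    ("managed detection and response monitoring", "command_and_control", "detect"),
    ("egress firewall rules", "command_and_control", "deny"),
    ("two-factor authentication", "actions_on_objectives", "deny"),
]

def build_matrix(controls):
    """Return {phase: {action: [control names]}} covering every phase/action pair."""
    matrix = {p: {a: [] for a in ACTIONS} for p in PHASES}
    for name, phase, action in controls:
        if phase not in matrix or action not in ACTIONS:
            raise ValueError(f"unknown phase or action for control {name!r}")
        matrix[phase][action].append(name)
    return matrix

def uncovered_phases(matrix):
    """Phases where the firm has no control of any kind: blind spots in the chain."""
    return [p for p in PHASES if not any(matrix[p][a] for a in ACTIONS)]

def earliest_detected_phase(matrix):
    """First phase with a detection control; earlier is better per the kill-chain
    argument. Returns None when detection exists nowhere."""
    for p in PHASES:
        if matrix[p]["detect"]:
            return p
    return None

def coverage_report(controls):
    matrix = build_matrix(controls)
    return {
        "uncovered_phases": uncovered_phases(matrix),
        "earliest_detection": earliest_detected_phase(matrix),
        "phases_without_detection": [p for p in PHASES if not matrix[p]["detect"]],
    }

if __name__ == "__main__":
    for key, value in coverage_report(SAMPLE_CONTROLS).items():
        print(f"{key}: {value}")
```

With the sample inventory the report shows that nothing covers reconnaissance or weaponization and that detection only begins at the command-and-control phase, which is late in the chain.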
As part of an overall strategy, firms should also look to implement the following simple best practices to help prevent costly attacks:
- Enforce strong passwords and (at least) two-factor authentication
- Remove local admin privileges when possible
- Keep patches up-to-date for Microsoft, Adobe, Java Runtime and browsers (the most common threats originate here)
- Restrict executable downloads and installations
Watch below for a full replay of the webinar: Turning Hedge Fund Security Inside-Out!
Be sure to come back to Hedge IT on Thursday for Part 2 of our webinar recap featuring an overview of essential policies and procedures to support technology and operations management as well as a look at mobile device management!
Photo Credit: eSentire