For investment management firms to embrace a security-first approach, they must regularly audit and evaluate their cybersecurity risk profile and adjust as necessary based on the evolving security landscape and technological advances. Continue reading for six questions your firm should reflect on regarding its cybersecurity risk profile.
What is our commitment to cybersecurity and what is our outlook on the future?
Regulators and investors continue to ask more questions about cybersecurity because they want to know that firms are effectively mitigating risk. To meet these growing expectations, firms must demonstrate that they take cybersecurity risk seriously and have implemented sound systems, policies and procedures to combat those risks. As the threat landscape and technology continue to evolve, investment management firms need to evolve accordingly and develop better ways to counteract threats. Firms don’t necessarily need to implement every available security technology, but they should be keenly aware of their options and have a plan to effectively mitigate as much risk as possible.
How are we addressing third-party risk and oversight?
Investment management firms often rely on third-party vendors to obtain functionality or capabilities that they need, want or can’t afford to produce on their own. But moving functions out of the firm's control can present challenges. With any outsourced function, the firm inherently takes on additional risks at the hands of the third party. But it's critical for investment managers to limit those risks through sufficient due diligence. To combat vendor risk, financial firms need to maintain strict oversight of all third-party relationships and investigate security practices and protocols, particularly for those vendors who have access to the firm's confidential information. An outsourced vendor should be providing the same level of security (or better!) as your firm would if the function were under in-house control.
According to TechTarget’s SearchSecurity, “an advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time.” As with most sophisticated cybersecurity attacks, the goal of the intruder is to capture valuable information and steal data. APT intrusions are often focused on high-value information and sectors such as the financial industry.
The cybersecurity landscape is constantly changing and today the cyber threat actors range from organized crime to state sponsors.
How do hackers gain access?
When it comes to advanced persistent threats, cyber criminals often use targeted social engineering tactics, including spear phishing. In a spear phishing incident, criminals target specific companies or individuals and conduct background research to compile employee names, titles and contact information. Social networks are common resources crawled for this information. Obtaining such details and observing communications provides criminals with the tools to mirror email addresses, website URLs and dialect. The end result is that the criminal masquerades as a legitimate, trustworthy source.
How can you defend against Advanced Persistent Threats?
Financial institutions and firms continue to embrace cloud computing technology. For years, there has been discussion about whether public or private cloud platforms are more suitable for financial and investment management firms. That debate continues, but with the addition of a new player – the hybrid cloud. While the hybrid cloud is rising in popularity for firms, there are still some common misconceptions about the methodology. Take a look at our new infographic as we explain these common misconceptions.
4 Common Misconceptions about the Hybrid Cloud:
- Hybrid Cloud is a third and new type of cloud
- Hybrid Cloud can't deliver the same quality of performance as on-premise IT infrastructure
- The Hybrid Cloud isn't secure
- Hybrid Cloud environments are all the same
As your firm's IT Manager or Chief Technology Officer, you may be tasked with evaluating and directing the strategic technology initiatives at your firm. Unfortunately, this doesn’t always mean that you have the final say on how and when your firm makes technology-related decisions. That responsibility, in many cases, falls to the Chief Operating Officer or Chief Financial Officer, and in many cases, that individual does not have a technology background. It’s up to you, then, to ensure you provide your CXOs with the right information to make an informed decision about your firm’s technology foundation.
To assist in this process, let's walk through some of the primary considerations senior management (C-level execs) will weigh when evaluating a move to the cloud.
Cloud Migration Drivers: Is Cost Always the Primary Factor?
Many CFOs feel the best way to justify a new technology to non-technical senior management is to provide a sound and logical cost comparison. And when it comes to the cloud, yes – cost is a big factor and a serious selling point.
If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.
Today’s emerging managers face a number of challenges, with fierce competition and demanding investor expectations top among them. With operational due diligence processes evolving rapidly, how can emerging managers differentiate themselves and make an impression on suspecting investors?
During a recent webinar, speakers from Eze Castle Integration and EisnerAmper discussed the current environment for emerging managers and examined the following topics:
- Key Qualities Investors Look For
- Red Flags for Emerging Manager Investors
- Investors' IT Expectations
- Why Firms Look to Outsource
Recently, Eze Castle Integration moved office locations in London. In fact, we had just finished moving into our office, and minutes later the London Bridge attack occurred. Fortunately, all of our employees were safe, but the next day our office was closed due to the ongoing investigation. With an updated business continuity plan in place, Eze Castle employees were still able to run business operations as usual.
Take our real-life scenario as a lesson that even if you have security in place, disaster scenarios can still happen either directly or indirectly, so it is best to be prepared.
What does developing a business continuity plan entail?
Step 1: Identify by utilizing risk assessments
Step 2: Analyse the effects on your business (Business Impact Analysis)
Step 3: Design, execute and implement a strategy
Step 4: Measure - plan testing, training and maintenance
Technology is only effective if it’s supported by a robust network infrastructure. And even though you can’t see it, your network is one of the most powerful (and underrated) components of your IT operations.
During a recent webinar, Eze Castle Integration's VP of Network Services, Mike Abbey, discussed trends in networking technology and highlighted the power behind your firm’s network. Some areas he explored during the 20-minute discussion include:
- How private networks differ from traditional Internet lines
- Why global private networks are particularly advantageous for financial and investment management firms
- How Internet of Things devices - and the multitude of devices in general - are impacting network infrastructure requirements (speed, bandwidth, etc.)
- What benefits/advantages firms can gain from direct peering and connectivity
Voice over IP has come a long way, especially in the business world, but many financial services firms still have hesitations about making the switch. To assist hedge funds and private equity firms in making a decision about voice solutions, we're debunking some common myths.
MYTH 1: Poor Call Quality – Everyone Will Know I’m on VoIP
A main concern with VoIP is call quality, which can be affected by a number of factors, including the network, available bandwidth and even the type of phones being used. However, a well-designed business-caliber VoIP system can deliver quality of service comparable to an in-house phone system. In business settings, where calls are made over private IP connections, Quality of Service (QoS) can be monitored and guaranteed because the entire IP connection is controlled by the party making the call.
When evaluating VoIP for financial firms, it is important to inquire about the underlying network and how voice traffic is prioritized and routed. You want a provider that has full control over network traffic and can ensure high quality of service. For added confidence, ask to speak with existing VoIP customers (over the phone!) to hear about their experiences first-hand.