This article first appeared on Hedgeweek as part of their 'Cybersecurity in Europe 2017' Special Report.
According to the PhishMe 2016 Q3 Malware Review, the proportion of phishing emails containing ransomware grew to 97.25 per cent in Q3 last year. This is a threat that is becoming more sophisticated, and more targeted. Not only that, but the frequency of attacks is at an all-time high.
"As people become better aware of what a phishing attack is, so the sophistication of attacks targeting individuals and organisations becomes greater," says Dean Hill, Executive Director, Eze Castle Integration.
This is also being driven by continued investments in technology, making it harder for hackers to breach organisations. There is, in effect, an arms race between organisations and hackers, each trying to stay one step ahead of the other.
Stephen Banda is Senior Product Manager at Eze Castle Integration. Discussing the more targeted nature of phishing attacks, he says: "They are doing a really good job of mimicking an email that might genuinely have come from the CEO. It's difficult for the recipient to discern this unless they really take care to look at the email signature – is there a 1 being used instead of an I, for example, in the person's email name?"
The most vital asset a business controls is its information. As the driver of many business processes, data is a powerful tool, and therefore has to be secure, accurate and accounted for. When this sensitive information gets into the wrong hands, it can cause serious damage to a firm’s business operations and reputation.
Types of dirty data
Forgotten data poses a critical security risk to financial firms. This type of data includes old reports, archived emails, outdated customer information and information stored on devices you may not realize hold data (e.g. flash drives, scanners, printers, and video conference equipment). Verizon’s 2008 Data Breach Investigations Report found that 66 percent of breaches involved forgotten data that companies were unaware was in their systems.
Duplicate data, similar to forgotten data, is a danger to firms because it is sometimes unknown that copies exist. Backup files can be misplaced and left behind, leaving hackers with additional access points into your network.
Outdated or incomplete data is information that employees hold on to. Whether it is old client contact information, employee information or corporate presentations, data that is not current and, hence, unneeded in your environment adds an additional access point into your systems.
Last month, the Eze Castle Integration team in London celebrated its 10th anniversary. The momentous milestone was marked with a staff party at a traditional pub on the River Thames with panoramic views of the city. I recently sat down with Simon Eyre, director of service, who was one of the three employees transferred over from New York to help set up the London office, to talk about the ten years in an ever-changing technology landscape and look into the future.
Wishing all of our clients, partners and friends a happy and safe Fourth of July!
In this interview, Eze Castle's Chief Strategy Officer, Mark Coriaty, discusses the emergence of the hybrid cloud and why some financial and investment firms are taking a closer look. NOTE: This article first appeared on Hedgeweek and Private Equity Wire.
Talk about the advancement and evolution of cloud services in recent years and how we’ve ended up where we are.
MC: If you step back and look at the landscape over the last four or five years, we have seen a lot of changes both on the technology front, as well as within the financial markets. Whether the result of fund raising challenges or increasing regulatory demands, the landscape for alternative fund managers has changed significantly.
We’ve therefore had to adapt to the market and this includes three different components: service, technology, and networking/security. With all the different regulatory bodies and demands from standards boards and governments, we needed to make sure we were providing a solution to our clients that a) met those requirements and b) was up to par with the security measures that we pride ourselves on at Eze Castle.
When you look at the Eze Private Cloud, it is a very controlled environment. It features a number of components related to private networking, client controls, data integrity controls, as well as enterprise-standard security measures. But as the public cloud has started to become more popular and mature in recent years, firms have started to pay closer attention to it.
Typically, this is because the cost structure is scalable. If you look at major providers like Amazon, Microsoft and Google, they have enough scale in their infrastructure such that it becomes less expensive for the customer to use the public cloud. However, when you analyse what they deliver versus the requirements of a lot of investment firms, oftentimes those requirements supersede what these large public cloud providers can offer.
Hence the hybrid cloud.
Here at Eze Castle Integration we take great pride in listening to our clients and the market as a whole. It is this approach that led us to build the hedge fund industry’s first Private Cloud, which today supports firms around the globe. It is also the catalyst behind our newest cloud offering, Eze Hybrid Cloud.
The Eze Hybrid Cloud combines our premier Eze Private Cloud with Microsoft Cloud services to deliver a secure and flexible environment fully managed by Eze’s world-class service organization.
The Eze Hybrid Cloud innovation was born of Eze Castle Integration’s years of private cloud experience, deep Microsoft partnership and award-winning service organization. Eze Hybrid Cloud draws layers of security and resiliency from the Eze Private Cloud, applications from the Microsoft Cloud and 24x7x365 expert support from the Eze global service team.
This article first appeared on Hedgeweek and Private Equity Wire as part of Eze Castle Integration's Technology Resource Center.
Just a decade ago, the cyber threat landscape was far less pronounced, but thanks to significant advances in IT, mobile technology and digital platforms, the threat of cybercrime has grown exponentially and poses risks across the global industry and for national critical infrastructure (power stations, hospitals, dams, financial services).
As managers in the financial services industry increasingly adopt digital technologies, they increase the number of attack surfaces and weak points within their networks. As a fund manager introduces a new counterparty into their network, the exact increase in risk is unknown, but it is likely to be substantial.
“Unless you are running a shutdown, fully closed network environment, the reality is you are always going to have the risk of someone trying to gain access to your network,” says Mark Coriaty, Chief Strategy Officer, Eze Castle Integration.
“That said, when you look at the different technologies that exist today – next generation firewalls, endpoint protection, active threat protection – there are many ways to keep on top of cyber risk. These layers of protection can be enhanced by real-time monitoring by security analysts. Companies that operate a security operations centre (SOC) can bring a human level of interaction too. They will proactively monitor for active threats across thousands of networks, which gives them an advantage in identifying and preventing intrusions.”
Technology is only effective if it’s supported by a robust network infrastructure. And even though you can’t see it, your network is one of the most powerful (and underrated) components of your IT operations.
During a recent webinar, Eze Castle Integration's VP of Network Services, Mike Abbey, discussed trends in networking technology and highlighted the power behind your firm’s network. Some areas he explored during the 20-minute discussion include:
How private networks differ from traditional Internet lines
Why global private networks are particularly advantageous for financial and investment management firms
How Internet of Things devices - and the multitude of devices in general - are impacting network infrastructure requirements (speed, bandwidth, etc.)
What benefits/advantages firms can gain from direct peering and connectivity
Keeping up with the myriad of cyber security requirements expected of today’s financial firms is a daunting – and sometimes unachievable – task. This list continues to grow in size and scope, and remembering how often to perform tests or when to change passwords is a growing challenge for CTOs and business execs responsible for technology.
To assist in guiding your firm with its cyber plan implementation, we’ve outlined a basic calendar of security reminders to help you stay on track. Listed in order of frequency, here’s how often you should plan to take these security steps:
3 months: Change your passwords.
At least every 90 days, we recommend changing your network, system and application passwords to prevent intruders from gaining unauthorized access. Remember: password creativity is critical, and password re-use is a big no-no.
3-6 months: Conduct a simulated phishing exercise.
Phishing is one of the most effective, and thus dangerous, social engineering scams in use today and threatens to deceive and manipulate users into opening gateways, sharing confidential information or, in many cases, making financial transactions. Simulated phishing exercises (whether conducted by your firm itself or via a managed service provider) are the most effective way to test users’ knowledge of email threats and train them to be cyber aware. Most firms opt to perform quarterly phishing tests, but semi-annual exercises are also commonplace.
We recently sat down with Matt Donahue, Security/Data Privacy Consultant and Steve Banda, Senior Product Manager, to discuss cyber security trends in the family office space, as well as what steps these and other wealth management firms can take to prevent cyber-attacks. NOTE: This article originally appeared in MarketCurrents' Technology Trends - Family Office Series 2017.
What are the biggest cybersecurity threats investment management firms face?
There are constant threats facing organizations internally and externally, especially within the financial industry. One of the biggest issues is that the cyber threat landscape is continuously evolving. Hackers are trying to compromise firms in a number of ways – from phishing and social engineering to ransomware. It’s becoming much like an arms race, where both sides (hackers and criminals vs. security firms and CISOs) are diligent, organized, and well-funded, each gaining and losing the upper hand on a daily basis.
From an internal perspective, threats emerge as a result of employees being inadequately trained, falling prey to social engineering scams or not following corporate policies. They also come from technology gaps including outdated IT systems, lack of patch management and other shortcomings that could have been addressed by vulnerability assessments.
Building on the importance of vulnerability assessments, firms should recognize that hackers are always scanning to identify holes and gaps that may provide an opportunity to breach an environment. This risk reinforces the importance of technology security defenses including next-generation firewalls, intrusion detection and prevention systems (IDS/IPS) and penetration testing. Ultimately firms want to close gaps and make IT environments unappealing to hackers.