Eze Castle Integration Eze Castle Integration

Hedge IT Blog

Incident Response: A Step-By-Step Guide to Dealing with a Security Breach

By Kaleigh Alessandro,
Thursday, April 27th, 2017

If your firm hasn’t fallen prey to a security breach, you’re probably one of the lucky ones. But you also probably won't be safe for long, as most firms, at some point in time, will encounter a cybersecurity incident. Cyber incidents today come in many forms, but whether a system compromise at the hands of an attacker or an access control breach resulting from a phishing scam, firms must have documented incident response policies in place to handle the aftermath.Panic Button

With the threat of security incidents at all all-time high, we want to ensure our clients and partners have plans and policies in place to cope with any threats that may arise. While this list is in no way comprehensive in detailing the steps necessary to combat cyber-attacks (and many steps will vary based on the unique type), here's a quick step-by-step guide to follow in the event your firm is impacted by a cybersecurity breach.

1. Establish an Incident Response Team.

Choose a select group of individuals to comprise your Incident Response Team (IRT). Assign each member a predefined role and set of responsibilities, which may in some cases, take precedence over normal duties. The IRT can be comprised of a variety of departments including Information Technology, Compliance and Human Resources.

Notably, your Incident Response Team should include your Chief Information Security Officer (CISO), who will ultimately guide the firm's security policy direction.

Categorized under: Security  Trends We're Seeing 



Critical Differentiators in Operational Due Diligence for Investment Managers

By Lauren Zdanis,
Tuesday, April 25th, 2017

Competition for investments is fierce across the alternatives industry, so what makes a fund stand out and what role does operational due diligence play in winning institutional assets? During a recent webinar, we invited Boris Onefater, Founder and Managing Partner at Constellation Advisers, to examine how alternative investment firms can leverage the ODD process to stand out from their peers. Below are a few key questions and answers from the conversation (paraphrased, of course). You can also watch the full webinar at the bottom of this article or by clicking here.

How has due diligence evolved over the years?

Due diligence has evolved significantly over the last 20-25 years. Prior to 1992, most of the focus was on investment due diligence. Starting around 2005, due diligence began to evolve on a fundamental level and verification and validation of service providers became a normal and accepted practice. Post-2008, the ODD pendulum really started to swing, particularly as firms began to rely more heavily on third parties.

Categorized under: Operational Due Diligence  Outsourcing  Hedge Fund Insiders  Trends We're Seeing 



Hedge Fund Cloud Summit Five Years Later: What's Changed?

By Kaleigh Alessandro,
Thursday, April 20th, 2017

I love a good Throwback Thursday, and for today's post, I want to throw it back to five years ago this month. It was April 2012, and we were hosting one of our biggest and most ambitious events: a Hedge Fund Cloud Summit. At the time, cloud computing was widely discussed and adoption was certainly growing, but there were still a number of lingering questions heard across the industry with regards to financial and business impacts of the cloud, effects on in-house IT staffs and, of course, security. 

We still answer many questions related to these topics today, so I thought it might be fun to take a look back at the four panel topics we addressed back in the 2012 event and examine how much the conversation has really changed - or in some cases, how perhaps it's stayed the same. 

Making the Business (and Financial) Case for the Cloud

For hedge fund COOs and CFOs, the business impact of a move to the cloud is still a critical consideration for established firms. But many of the myths and common questions that were prevalent back in 2012 are now pretty easy to explain. How do investors feel about the cloud? In 2017, investors are generally comfortable with the cloud if not in favor of it over legacy, on-premise IT infrastructure setups. Is the cloud really more cost-effective? This question was a long-standing 'myth' that's been debunked; for some firms, yes, costs may be lower depending on their previous infrastructure and personnel situation, but for all, the predictability of cost is what has become a primary driver for cloud adopters. 

Categorized under: Cloud Computing  Security  Operational Due Diligence  Outsourcing  Launching A Hedge Fund  Private Equity  Hedge Fund Operations  Infrastructure  Trends We're Seeing 



The Value of a Global Network: Q&A with Networking Expert Mike Abbey

By Eze Castle Integration,
Tuesday, April 18th, 2017

With the gravitation towards all things cloud, understanding the role a global network plays in all layers of connectivity is crucial, especialy for the financial sector where firms rely on low-latency and seamless access to counterparties across the globe. 

mike abbey eze castle integration headshotSo, as we often like to do here on the Hedge IT blog, we turned to the experts.
 
Mike Abbey is the vice president of network services here at Eze Castle Integration. He joined the company in 1999 and is currently responsible for ECINet, our global carrier class network platform. Mike also provides design consulting and best practice audits on fault tolerance and scalable optical, Ethernet, and IP-based networks, from single and multi-site domestic networks to multi-site, global deployments. He is a graduate of Binghamton University.
 
Q. Mike, what are you hearing from clients regarding networking and Internet services?
A. To be honest, most hedge fund managers don’t have the time – and don’t necessarily want – to grapple with the complicated intricacies of securing and maintaining an enterprise-class network or Internet service. That’s where my team and I come in. We help simplify this process for our clients using Eze Castle’s ECINet global private network.

Categorized under: Communications  Cloud Computing  Outsourcing  Hedge Fund Operations  Infrastructure 



Here Are Investment Managers' Biggest Cyber Security Fears

By Kaleigh Alessandro,
Thursday, April 13th, 2017

There’s a lot to fear in the cyber world: rogue nation states, professional cyber criminals and would-be hacktivists, just to name a few. Their weapons of choice vary in scope and substance, but regardless of the threat actor, investment management firms must employ rigid and resilient protections to ward off the equally sophisticated cyber threats that continue to surface.

During a webinar earlier this year in which we detailed various levels of cybersecurity firms should consider, we asked our attendees to identify what they determined to be the most concerning cyber threat to their business.


biggest cybersecurity fears for hedge funds


Let’s break down these numbers a bit and explain why these cyber threats are eliciting the most fear.

Unauthorized access or theft of data (31%)

Nearly a third of firms selected this as their biggest cybersecurity fear, making it the most common fear among our respondents – and we can understand why. There are a number of ways threat actors and hackers can gain entry into a firm’s systems/network (we’ll talk about those below), but ultimately, that unauthorized access/theft of the company’s data or sensitive information is what could lead to its downfall. From malware threats to social engineering scams to denial of service attacks, threats that results in your firm’s data and assets ending up in the wrong hands are a serious concern.

Categorized under: Security  Private Equity  Trends We're Seeing 



Top 10 IT Security Audit Gaps and How to Avoid Them

By Katelyn Orrok,
Tuesday, April 11th, 2017

When it comes to cybersecurity there are many factors that you need to be conscious of. During a recent webinar, speakers from Eze Castle Integration and Wolf & Company shared 10 of the most common cybersecurity gaps identified during an IT audit/risk assessment. We’ve listed the top 10 below and shared some particulars on a few of the most critical (in our opinion). For more detail on how these gaps are presenting themselves – and also best practices for avoiding them – click here to listen to the full webinar replay

Top 10 IT Security Gaps  

  1. Risk Management and Governance

  2. IT Asset Management

  3. Vulnerability Assessments

  4. Patch Management 

  5. Social Engineering & User Training 

  6. Business Continuity Planning

  7. Multi-Factor Authentication

  8. Third Party Vendor Management 

  9. User Provisioning and Management 

  10. Incident Response Planning/Procedures 

Categorized under: Security  Operational Due Diligence  Outsourcing  Private Equity  Hedge Fund Operations  Infrastructure  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



Throwback Thursday: Will you trade in your iPhone for the Nokia 3310?

By Katelyn Orrok,
Thursday, April 6th, 2017

Do you remember the Nokia 3310? C’mon, you know which one I’m talking about. It was that indestructible T9 phone that was a must-have back in the 2000s. It was a huge seller primarily due to its long battery life and its durability (as a result of its unique casing). Now more than 17 years after its original debut, the Nokia 3310 is being relaunched. Set to release in Q2 of 2017 we’re curious to see the hype behind this new, but old phone.

After scouring the Internet, here’s a list of why we think some people are getting excited for the return of this ‘old school’ device.

Categorized under: Trends We're Seeing  Communications 



IRS Phishing and Malware Scams Abound, Here’s How to Avoid the Bait

By Mary Beth Hamilton,
Tuesday, April 4th, 2017

As April 18th (US) and April 30th (Canada) near, cyber scammers are pulling out all their tax scams to trick consumers and capitalize on the flurry of activity. Our friends over at Proofpoint say that “this year, [they have] tracked malware distribution in addition to the customary phishing schemes among the email threats related to federal taxes.”

The IRS is also urging people to remember that “the IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. In addition, IRS does not threaten taxpayers with lawsuits, imprisonment or other enforcement action.”

So to help our clients stay vigilant, we’re highlighting some recent phishing tricks and sharing phishing flags every employee should recognize.

IRS Phishing and Malware Scam Examples

Example 1: Malware Distribution

This first example centers on malware delivery and was identified by the Proofpoint researchers who analyzed numerous tax/IRS-related phishing emails. In this IRS phishing campaign, the recipient was asked to read the IRS Privacy Policy, which was attached to the email (hint: don’t open unexpected attachments!). With this campaign, once the attachment was opened and the embedded macros where enabled, the macros downloaded malware (Dridex botnet ID 1105).


IRS malware scam email by Proofpoint

Categorized under: Security  Operational Due Diligence  Hedge Fund Operations  Infrastructure  Trends We're Seeing 



Cost, complexity & security drive hedge fund outsourcing

By Lauren Zdanis,
Thursday, March 30th, 2017

This article first appeared on Hedgeweek and Private Equity Wire as part of Eze Castle Integration's Technology Resource Center

Outsourcing has not only become an accepted practice among hedge fund managers, it has become a necessity as funds large and small seek out ways to control their costs, manage their internal resources more effectively, and overcome the ever growing challenge of regulatory compliance. Mark Coriaty, Chief Strategy Officer Eze Castle Integration

Perhaps more than ever before, hedge fund managers recognise that as cloud technology makes huge strides forward it makes more sense to focus on their core activities of investing and raising capital, appointing a trusted outsourced provider to manage the raft of non-core activities that investors do not want managers to be preoccupied with. 

Indeed, while the thought of hosting IT offsite was once a worry for allocators, today’s investors find comfort in knowing hedge fund and alternative investment firms are focusing on their investment priorities and leaving the technology decisions to the experts. 

Mark Coriaty is Chief Strategy Officer at Eze Castle Integration. In his view, a firm’s fee structure as well as the growing complexity of the back-office directly impact the extent to which managers choose to outsource and spend capital over time. 

"Today the majority of our clients range anywhere from 20 to 200 users and most of these users sit in the front office; portfolio managers, analysts, traders, says Coriaty. Over time, the back office has had to grow due to the number of counterparties and regulatory obligations that managers have. The growth of counterparties and investor requirements coupled with increased compliance and regulations has introduced more complexity and risk into hedge fund options." 

Hence outsourcing.

Categorized under: Outsourcing  Security  Hedge Fund Operations  Trends We're Seeing 



Stuck on the Technology Treadmill? A Case for Hedge Fund Managed Services

By Kulvinder Gill,
Tuesday, March 28th, 2017

The technology treadmill is a tough place to be these days. Technology refresh cycles last only a mere three years, forcing firms to replace their infrastructures and make costly software and hardware upgrades on a too-frequent basis. And with hedge fund budgets tighter than ever, many firms cannot afford to stay on this path.Hedge Fund Cloud, 5 Reasons, hedge fund technology

But the hedge fund technology treadmill is not a firm’s only option. Costly in-house, 'traditional' IT services have given way to more cost-effective outsourced IT and managed services that get firms off the treadmill and on a path to success.

Let’s have a look at some of the key reasons why hedge funds and other investment management firms are moving from on-premise technology infrastructures to cloud and managed services.

Keys factors driving hedge funds to managed services

Many firms are turning to managed IT services because it allows them to align their IT requirements with their business needs, including tighter control on budgets and staff. Moving to a managed service platform provided by a reputable outsourced IT provider not only makes it easier to deploy technologies, but also allows firms to benefit from platforms inherently designed to meet the constraints of limited IT resources and budgets.

Categorized under: Cloud Computing  Security  Outsourcing  Infrastructure  Trends We're Seeing 



Recent Posts / All Posts / Previous Page / Next Page