How hedge funds need to address cybersecurity threats

Cybersecurity is still THE hot topic and the threat of cyberattacks is growing within the hedge fund community, requiring managers to put in place policies and procedures that address the cybersecurity risks unique to their firm. This goes beyond merely acquiring technology and hoping for the best.

The alternative asset management industry is unique and cannot be expected to use generic products of security configurations. Whilst everyone emphasises the need for security, nobody takes a step back and says “What is my current strategy and the potential risks associated with it?”. Once that has been analysed, risks highlighted and understood can we ask, Who’s the “right” person to guide me and help mitigate the risks of today, and tomorrow.

This is where the evolution is. The initial package of service offerings penetration testing, back up, DR and prevention systems. That’s where providers like Storm IT Financial come in. We can share our experience, not only when it comes to what technology, but also at the level of policies and procedures. We advise management firms on how they can create customised solutions that address their specific business needs.

Hedge funds and Alternative Investment Funds control significant amounts of money, not to mention the sensitive personal information on the fund’s underly- ing investors, who are typically very wealthy individuals. The intellectual property of the fund is also highly vulnerable. It’s really a perfect place for a cyber hacker to focus their attention.

Protecting the network and fund data, is a challenge for smaller managers who simply don’t have the budgets to put in place sophisti- cated protection mechanisms. The big change is that hedge funds are now coming under direct attacks, it is no longer just the banks and clearing houses being targeted. Managers realise that they have got to improve their cybersecurity levels. These are not wide- ranging malware attacks, they have been specifically created to breach internal networks with the intention of stealing or manipulating data such as fraudulent wire transfers, stealing social security/National Insurance numbers or even just to create damage.

This is where managers need to ensure that the right policies and procedures are in place, so that they are able to respond quickly by knowing what steps to take. Without these, it doesn’t matter how sophisticated the cybersecurity technology might be, the manager would have been fully compromised.

Employee education and training remain one of the core components to robust cybersecurity plan, something we at Storm IT Fi- nancial advocate and can help firms with training seminars. It’s important to understand that people can do more damage than any piece of technology. To be as secure as possible requires a combination of policies and technology. Of course technology is key. After all, a manager won’t know they’ve been breached unless they have a detection solution in place. Smaller funds certainly don’t have

budgets to spend and tend to allow staff to have more freedom and senior management are less inclined to impose strict controls. Think and act like a large fund. In addition, people need to regularly audit their data access and carry out regular IT Audits of their systems. It is a system of checks and balances. IT Audits, monitoring and detection are becoming `must haves’ for any hedge fund manager. It’s a detailed process but that is exactly where Storm IT Financial can step in, providing the specialist expertise to consult with managers, perform gap analysis on their existing cybersecurity policies and help them more clearly understand security risks.

To conclude, it’s worth referring to the fall-out off the back of the recent NHS & ‘WannaCry’ ransomware cyberattack. Whilst the inci- dent, targeted indiscriminately firms globally, it was a clear embarrassment to Microsoft & the NHS. This is a stark warning to hedge fund managers who remain blasé about security. If private information is taken off site and you don’t do your due diligence to under- stand the extent of the breach that can be a greater threat to the existence of the fund than the original cyberattack. The real harm does not come from the cyberattack itself, it comes from the downstream effect of having to inform your investors. The reputational damage could be irreversible.

For more information on Hedge Fund/Alternative Investment Cybersecurity advice & IT Services, feel free to contact Storm IT Financial.

Storm IT Financial FinTech News & Trends picks: Week 22nd May – 26th May 2017

MS all about the quality: Azure achieves ISO 9001:2015 certification

Microsoft Azure is proud to announce that we obtained the ISO 9001:2015 certification:

https://azure.microsoft.com/en-us/blog/we-re-all-about-the-quality-azure-achieves-iso-9001-2015-certification/

Newly discovered vulnerability raises fears of another WannaCry

A newly found networking software flaw leaves tens of thousands of com- puters potentially vulnerable:

http://uk.reuters.com/article/us-cyber-attack-samba-idUKKBN18L0GD

Cordium expands US broker-dealer services

Cordium, a provider of governance, risk compliance services, launches a new regulatory hosting solution in the US:

http://www.hedgeweek.com/2017/05/25/252137/cordium-expands-us-broker-dealer-services

Saxo Bank releases new developer portal

Saxo Bank releases a new developer portal which underpin’s Saxo’s Open Banking initiative:

http://www.institutionalassetmanager.co.uk/2017/05/23/252048/saxo-bank-releases-new-developer-portal

Bank of America preps data sharing service

BAML working with multiple financial data aggregators to connect data from client accounts to third-party financial management applications:

https://www.finextra.com/newsarticle/30625/bank-of-america-preps-data-sharing-service

Outsourcing Technology for a bank is like outsourcing the bank

Citigroup see themselves as a technology company with a banking license, says Citibank CEO:

https://www.finextra.com/blogposting/14105/outsourcing-technology-for-a-bank-is-like-outsourcing-the-bank

IHS Markit Launches MiFID II Solution for Regulatory Outreach and Re- papering

Data & analytics specialist IHS Markit has launched a new platform de- signed to address regulatory implementation of Europe’s MiFID II:

http://www.finalternatives.com/node/35230

One year GDPR countdown is a final warning for or- ganisations to sort compliance out

May 25 2018 will see the General Data Protection Regu- lation (GDPR) legislation come into effect:

http://bit.ly/2rXChDR

Regulating Fintech: five key steps to sustainable growth

Steps that can drive the growth of fintech globally:

http://bit.ly/2rGhKGz

Horror as hot millennial investment bankers quit for Tech jobs elsewhere

The new thing among investment banking employees is to leave the industry to work for a tech company:

http://bit.ly/2s2NNgl

The high cost and risk of On-Premise vs. Cloud

CAPEX vs. OPEX to consider:

http://www.cio.com/article/3198366/cloud-computing/the-high-cost-and-risk-of-on-premise-vs-cloud.html

Fintech vs Bank: Roles And Advantages Of Both Parties

There are differences between fintech and banks:

http://www.valuewalk.com/2017/04/fintech-vs-bank-roles-advantages-parties/