Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

US HEDGE FUNDS WEAKEN FINANCIAL SYSTEMS AGAINST CYBER THREATS

By Regina Mykolaichuk, Sentronex

The rise of cyber attacks

There have been a number of high profile cyber attacks in recent years. 2014 was the year of the breach; from Sony Entertainment, to eBay, to JP Morgan, big global organisations were hit with a string of cyber security breaches, showing just how weak their IT security infrastructure was. But perhaps nothing caught IT and Financial Services (FS) news headlines quite as much as the infamous GameOver Zeus.

The GameOver Zeus Trojan was a crippling cyber attack of an unprecedented scale. Its CryptoLocker ransomware locked unsuspecting victims’ computers, offering to restore them only if ransom money was paid. An estimated 15,500 computers were infected in the UK, and hundreds of millions of pounds were fraudulently transferred around the world. Given the global nature of cyber attacks, the international operation to take down the GameOver Zeus botnet involved five US federal agencies, the UK, eleven other governments, and thirteen private sector companies.

Unsurprisingly, therefore, a warning was issued to US hedge fund investors by the Department of Justice that they are weakening US financial system defences against cyber attacks from hackers and terrorists, putting pressure on them to act sooner rather than later in order to avoid another such – or even worse – attack in the near future. The Department of Justice also told hedge fund investors that their data could be at risk if they do not increase their cyber security.

The Assistant Attorney General for National Security, John Carlin, expressed his concerns about the vulnerability of hedge funds, stating that they hold incredibly sensitive proprietary information, valuable algorithms, and a tremendous amount of capital; and yet have very weak IT. He urged managers to pay more attention to cyber threats, highlighting the importance of sharing more information with the government.

On the other hand Anthony Scaramucci, the founder of global alternative investment firm SkyBridge Capital, believes that many in the FS sector do not feel threatened by cyber attacks until they face a security breach themselves, and therefore are not as focussed on such threats as they ought to be.

Over in the UK the Government’s National Cyber Security Strategy has put together the Cyber Essentials Scheme, which provides best practice guidance to protect organisations of all sizes from cyber threats. As the Scheme is aimed to help all industries in general, hedge funds come under the same umbrella. The Scheme is not a force of law though, so companies do not have to comply with the regulations if they do not wish to. Moreover, the Scheme itself lays out only the basic technical controls that organisations ought to have in place, so it would be recommended for hedge funds to seek out specialised cybersecurity solutions that are well suited to the intricacies of their needs.

Cyber Security Options

There are two distinct options that organisations can opt for to increase their cyber security. They can be used independently of or in conjunction with each other:

  1. The cloud is a great place to start when implementing and strengthening cyber security. Private and public clouds both have their benefits and setbacks, which can make it difficult for organisations to decide which option is the best for them. 2015 could see the rise in popularity of collocated cloud services. It is often difficult to find just one vendor who can provide everything, so going for a multi-cloud option will allow organisations within the FS sectors a ‘pick and mix’ approach when establishing their cyber security strategy. Predominantly, a collocated cloud exchange does not require the use of the public internet, which makes it more effective, private, and – most importantly – secure, making it a sound option for hedge funds in particular.
  1. WISPs are another cyber security feature that FS sectors can implement into their strategies. Standing for ‘Written Information Security Plans’, WISPs cover the administrative and technical safeguards of a company. The Security and Exchange Commission (SEC) is already asking about WISPs in their cyber security questionnaire, including whether the fund has a policy in place and if its employees have been trained and tested on it.

Needless to say, that cybersecurity is not something to be taken lightly, particularly where large quantities of money and sensitive client data are involved. But it is not just hedge funds that need to tighten – and indeed start paying increased attention to – their cybersecurity. In an age when cyber warfare targets money and politics, institutions from all FS sectors should pay more attention to their cybersecurity now than play the waiting game. And this goes for the UK just as much as the US.