• Home
  • About Us
  • Contact
  • Your Account
  • Subscribe
Tuesday, July 5, 2022
  • Login
Alternatives Watch
  • Hedge Funds
    • Manager News
    • Mandates
    • Service Provider News
    • CTAs/Managed Futures
  • Private Equity
    • Manager News
    • Mandates
    • Service Provider News
  • Private Credit
    • Manager News
    • Mandates
    • Service Provider News
  • RE/Infrastructure
    • Manager News
    • Mandates
    • Service Provider News
  • Investor News
    • Endowments and Foundations
    • ESG
    • Pensions
    • Platforms
    • Consultants
  • Research
    • Investor Scorecard
    • Manager Scorecard
No Result
View All Result
  • Hedge Funds
    • Manager News
    • Mandates
    • Service Provider News
    • CTAs/Managed Futures
  • Private Equity
    • Manager News
    • Mandates
    • Service Provider News
  • Private Credit
    • Manager News
    • Mandates
    • Service Provider News
  • RE/Infrastructure
    • Manager News
    • Mandates
    • Service Provider News
  • Investor News
    • Endowments and Foundations
    • ESG
    • Pensions
    • Platforms
    • Consultants
  • Research
    • Investor Scorecard
    • Manager Scorecard
No Result
View All Result
Alternatives Watch
No Result
View All Result

Preparing your hedge fund for the modern cybercriminal

Simon EyrebySimon Eyre
May 6, 2021
in Hedge Funds, Service Provider News
Preparing your hedge fund for the modern cybercriminal

By stevanovicigor

ShareTweetShareSendSend

The familiar adage that “every organization is a target” when it comes to cyberattacks, solidifies its place as an undeniable truth for companies in all industries each year.

Spring has barely begun and we have already seen what could be one of the biggest cyberattacks of 2021. When thousands of companies were compromised due to the exploitation of flaws in the Microsoft Exchange Server email software, organizations across the globe were once again faced with the reality that the modern cybercriminal will use any opportunity to gain leverage in the cyberspace and get a monetary advantage.

Today’s criminal is capable, skilled, and always following the money. This is what makes the financial industry a tempting target, with alternative investment firms being increasingly being targeted by criminals. Very recently, Sequoia Capital, one of the largest venture capital firms in the world, was successfully phished with sensitive data being exposed to criminal eyes.

So, what can hedge funds do to prepare the organization for an impending cyberattack?

One size fits all?

It is tempting to bolt-on the latest technology on the market, and trust that the product will do ‘what it says on the box’. When constructing a robust cybersecurity program, to avoid investing in cybersecurity plans that are seemingly “one size fits all,” hedge funds should firstly focus on evaluating the cybersecurity landscape and understanding the most common threats and potential attack vectors. The firm’s leadership and cybersecurity team should identify what factors would make your business a target and why would you be at risk, as well as consider the types of cyberattacks your peers have experienced. Ask questions such as: “What kind of breaches and attacks are happening in the industry to firms of our size and strategy?”, “How are other firms mitigating these risks and how can our fund do the same?” and “Where are the cracks in the technical armor?”

During this process, you should consider what data is most important to your business. What are the crown jewels of the hedge fund? Consider where this data is stored, who has access to it, how it is transmitted and whether vendors process it. Never underestimate what might be of value to a cybercriminal. Your most important data can include corporate data, communication records, or personal data of staff and investors.

Prioritize protecting your data and protecting against the most likely attacks that would disrupt the business.

Plenty of phish in the sea

Phishing remains a weapon of choice for the modern cybercriminal. In 2020, we saw as number of attacks occur via social engineering, voice/email phishing and impersonation. One notable example is the unfortunate set of events that set in motion the eventual closure of Levitas, an Australian hedge fund. After sending a fake Zoom invite and it being accepted, hackers planted malware and gained control over an executive’s email, leading to the approval of $8.7 million in fraudulent invoices. Shortly after, the firm’s largest investor pulled their planned investment, resulting in the fund being scheduled to wind down.

What can we learn from this? Any employee in the hedge fund could fall victim to a phishing attack, as these emails, calls and invites are carefully crafted and virtually indistinguishable from the real deal. An important mitigation strategy is to invest in high quality staff awareness training that goes beyond ticking boxes on a generic on-demand course and tests. Hedge funds should establish a training program that is relevant to the business, the work environment, and its risks, as well as the systems in use. Standard template training is insufficient in preparing staff for the delicately created and convincing attacks of cybercriminals.

A balanced blend of staff training and technology

Most cybersecurity experts would agree that defense in depth is critical. This means that the hedge fund’s technology and staff should work in harmony to achieve the highest degree of protection for the firm. Many cyberattacks, especially phishing, have time on their side. Once an employee has been convinced to click on a link, criminals will lurk in the background and look for vulnerabilities within the business. To address this issue, in addition to employee training, hedge funds should invest in a vulnerability management solution that helps discover weaknesses within the system. Hedge funds should continually perform vulnerability management with recurring penetration testing of their environment to ensure the safety of their data and uninterrupted service.

The importance of vendor management

Hedge funds today work with a network of independent partners or vendors that support the running of their operations. From law firms, to auditors, brokers, marketers, researchers and administrators, the hedge fund’s network expands into a complex spider’s web, increasing the likelihood of a successful cyberattack with each new silk thread. Why? Criminals will not always go for the bullseye, but rather compromise a target that might have weaker defenses and use their network as a steppingstone to the hedge fund’s valuable data. This is one of the reasons why regulators and hedge fund investors are hyper focused on vendor due diligence. To minimize risk, hedge fund managers should hold vendors to the same cybersecurity standards as the business itself. Remember, your firm’s network is only as secure as the weakest vendor with access to your data. Extensive due diligence of third parties should not be optional – it is required.

Criminals continue to be attracted to valuable data, and hedge funds can expect to be increasingly targeted due to the nature of their business and large transactions being processed every day. To avoid financial and reputational damage due to a cyberattack, as well as ensure regulatory compliance while navigating a complex regulatory environment, hedge funds must invest in and develop a robust cybersecurity program that is tailored to the alternative investment industry. By focusing on the most important data, most likely attacks and equally investing in people and technology, hedge fund managers can protect their business, while building a reputation as a reliable partner in the alternative investment industry.

Tags: cybersecurity
ShareTweetShareSendSend
Previous Post

Barometer Capital launches Canadian music rights fund

Next Post

Yale’s Swensen remembered as an alternative investing pioneer

Related Posts

INPRS presses on with alts pacing plan
Hedge Funds

INPRS presses on with alts pacing plan

The pricing power of today’s tech-enabled investment office
Hedge Funds

The pricing power of today’s tech-enabled investment office

Franklin Templeton taps alts consultant
Hedge Funds

Franklin Templeton taps alts consultant

Michigan funnels $2bn-plus in Q1 alts investments
Hedge Funds

Michigan funnels $2bn-plus in Q1 alts investments

Headwinds and opportunities in biopharma
Features

Headwinds and opportunities in biopharma

Next Post
Yale's Swensen remembered as an alternative investing pioneer

Yale's Swensen remembered as an alternative investing pioneer

Log In

Lost your password?

Recent

INPRS presses on with alts pacing plan

INPRS presses on with alts pacing plan

Ember Infrastructure raises $340m for first fund

Ember Infrastructure raises $340m for first fund

Aussie fund, Apollo link on $1 bn-plus Asia-Pacific strategy

Aussie fund, Apollo link on $1 bn-plus Asia-Pacific strategy

Search the AW Archives

No Result
View All Result

Download

Alternatives Watch

© 2019-2022, All Rights Reserved  |  BMV Digital

Navigate Site

  • Hedge Funds
  • Private Equity
  • Private Credit
  • RE/Infrastructure
  • Investor News
  • Research

Follow Us

No Result
View All Result
  • Hedge Funds
    • Manager News
    • Mandates
    • Service Provider News
    • CTAs/Managed Futures
  • Private Equity
    • Manager News
    • Mandates
    • Service Provider News
  • Private Credit
    • Manager News
    • Mandates
    • Service Provider News
  • RE/Infrastructure
    • Manager News
    • Mandates
    • Service Provider News
  • Investor News
    • Endowments and Foundations
    • ESG
    • Pensions
    • Platforms
    • Consultants
  • Research
    • Investor Scorecard
    • Manager Scorecard

© 2019-2022, All Rights Reserved  |  BMV Digital

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Be an alts insider

Start your days in the know with our free newsletter

No, I don't want to be an alts insider

Thank

You!

Follow us
on LinkedIn

Cookie Consent
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie Settings Accept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept
Powered by CookieYes Logo