Cyber attacks are already a threat to hedge funds, but the true risk is expected to escalate rapidly over the next year. Hackers have started to target the hedge fund industry because of their access to significant capital, proprietary information such as acquisition and trading strategies, and linkages to other financial entities. The issue is compounded by the fact that the IT teams for hedge funds tend to be light on manpower and specialty skills. This creates a recipe for potentially significant damages to the hedge fund as well as the financial system as a whole. This is no longer a theoretical threat as demonstrated by the recent arrest of several hacking teams that specialized in stealing data from hedge funds and trading off the data.
All members of an organization need to be properly trained to protect proprietary data and understand the role they play in the overall security plan. Hackers employ a number of known, but highly effective, techniques like spearfishing and whaterhole attacks to target users, contractors, and vendors rather than bluntly attacking networks. Social engineering is faster and more effective than direct attacks. It’s important for hedge fund managers to implement internal policies around what systems and data can be accessed by various employees, and the approved methods to do so. This needs to be tied to a plan to monitor such access in order to identify anomalies that may be symptoms of a breach. It’s not a matter of if but when an incident may occur that can cost an investment company their reputation, time and lot of money. The trust of current and future investors is highly impacted should a breach occur within the organization. Be Prepared by understanding the cybersecurity issues comforting hedge funds today and download the HFMWeek Cyber Security & Risk 2015 report to understand how fund and risk managers can safeguard themselves against these attacks.