Hedge funds unprepared for cyber attack
With details trickling in about how the sophisticated Stuxnet computer worm derailed years of work on Iran’s nuclear program, many seasoned observers are left to wonder what might happen if such a powerful weapon were ever turned against the nearly $2 trillion hedge fund industry.
Alphaserve Technologies, the IT advisor to many of the world’s largest hedge funds, today offered potential solutions to an industry which it perceives as ill-prepared when compared to big banks and other financial institutions.
Most hedge funds have protected themselves from external security breaches for years, but today’s managers need to protect themselves not only from the outside in but also from the inside out, contends Arup Das, CEO and CTO of Alphaserve Technologies.
The everyday, internal activities of employees accessing the internet, e-mail, Skype and other information provide ideal channels for worms, malicious software and dishonest employees to siphon off confidential information and perhaps do irreparable harm.
New technologies like Digital Loss Prevention (DLP) software and deep packet inspection firewalls can look inside the internet channel for any corporate data leaving the company and stop intentional or unintentional illicit transfers of information. Surprisingly though, many marquee names in the hedge fund industry do not have this essential protection even though some are in the process of adopting it, according to Mr. Das.
“The emphasis of hedge funds’ cyber security should be on the information that leaves the firm as much, if not more, than that which is coming in,” states Mr. Das. “The best hedge funds track every minute piece of information from the moment it enters their system and maintain detailed documentation on its every movement. It is constantly surprising to us that even some of the most recognized names in this industry do not meet this institutional standard of technological governance.”
Another way to derail destructive attacks like the Stuxnet worm would be to better secure the very desktops that attackers could use as nodes. Hedge fund CTOs can accomplish this by leveraging technologies like network access protection, host-based firewalls, anti-virus and anti-spyware, and ring 0 protection software while running them in conjunction with network access control technologies.
The key, says Mr. Das, is to make sure that corporate desktops are protected with the latest updates, patches and constant monitoring of internal communications. This way, most anomalous behavior will be detected.
Many of the most secure companies are also utilizing “virtual desktop” technology, which removes all information from individual desktops and instead makes users remotely access data that is centralized and locked down in corporate datacenters.
“Technologies like virtual desktop not only take data security to the next level and prevent the proliferation of worms, but they directly address the added security threats of employees working and accessing data from home,” adds Mr. Das. “Again, though, we only see a handful of hedge funds adopting these practices. It may sound superfluous to some hedge fund managers, but many of our clients have raised millions in assets as a direct result of their demonstrating to investors that they could track, document and ensure the security of information as it moves through the firm.”