This isn't an attempt to explain the psychology of the successful. It could be a risk-embracing lack of concern until a hack happens, or many hedge funds may be too busy to implement security when there's always a new market change on the horizon. Agio provides IT support and preventative measures to hedge funds and private equity firms. No matter the reason, your data and finances are in danger. Here are a few details, provided by Agio, to understand why you're a target, how you can prevent most attacks, and how you can recover with less stress.
Preventing Basic Effort Hacks
Champions of risk, hedge fund managers and top performers need to work on the cutting edge of trading. It's not uncommon for an international deal to require fast thinking and even faster funds transfers. Unfortunately, it's becoming easier for bad actors to pose as legitimate business partners, especially if they've already hacked your existing business partners and have all the tools they need to look real.
Spearphishing is a massive threat that snatches billions of dollars every year. One of the more damaging techniques is the Business Email Compromise (BEC) attack, which nets about $3.5 billion yearly. Modern spearphishing is more than waiting for people to fall for spam. Hedge funds are worth observing for long periods of time, and hackers will observe your patterns, your business partners' or clientele's patterns, or both. Agio can offer training for employees, even employees that are digitally intelligent, which together with Agio testing can dramatically decrease the risk of phishing. How do you start a private equity firm with completely foolproof cybersecurity measures? Agio can certainly help with standardizing these efforts, but most likely all operations will have to evolve over time as hacking becomes more advanced.
Observation is more than just listening in on conversations or looking up trades. Viruses that have no other job but to observe and report information can get everything they need to pretend to be a trader. Do you have a method of verifying your client on the other end? Do you know the trading team on the other side? Do you have a way to sanitize or completely terminate your tech assets if you've been compromised?
The answers to these questions are both technical and policy-based. A cybersecurity professional can help you with hardening against hacking, but you need a post-game plan in the event of a successful compromise.
Recovering In The Age Of No Perfect Defense
There is no such thing as a perfect defense. Sales teams can get excited and young programmers have a lot of confidence, but any security is meant to be broken.
If it's not going to be broken by someone looking for profit, it'll be broken by a bored, highly intelligent hacker. If not by a kid in a basement, then a kid contracted by a government group. While you shouldn't let your tech assets lie exposed, you need to spend as much time planning recovery as you plan defense. First, figure out how to get your money back.
If your credit cards, bank account, and other financial accounts were emptied today, what would you do? Do your financial institutions have policies for proving that a hack happened and helping you recover? While the 1980s to the mid-2000s had many horror stories of lives collapsing after having their accounts emptied, there are a lot more protections in place today. Hacking is a matter of when, not if, and as long as you have cybersecurity best practices in place, few institutions could fault you.
Your main obstacle in recovery is proving that you're not lying. Having a friend or contractor "steal" your assets while you file a claim and keep both piles of money is hardly a new scam. Financial institutions need to check for that type of fraud while simultaneously helping you with real fraud.
Have a set of emergency numbers and email addresses to contact in the event of a compromise. These contacts should include the fraud departments of your financial institutions and a cybersecurity professional who can perform a sweep of your systems to figure out what went wrong.
Finally, set personal vendettas aside. The first hours of a hacking situation should involve recovery. Unless you see physical evidence of the hack and can take a picture on your camera, you shouldn't try to become a counter-hacker. Contact a cybersecurity professional to discuss a partnership to protect your tech assets, finances, and digital footprint.