Cybersecurity Insight

It’s Time for Hedge Funds to Step Up Cybersecurity

20 Nov

The financial industry is one of the most powerful, and most confusing in the world. It’s also the glue that holds a country’s, and sometimes the world’s, economy together. Only a select few have the knowledge to succeed in a sector where thousands of investments, trades, sales, and purchases are made on a daily basis. However, there are many people out there who wish harm on this industry, or to steal trade secrets.

A hedge fund is a firm that includes limited partners or investors who make high risk trades. Hedge funds are only available to certain individuals, not the general public, and are generally unregulated – although the financial crisis in 2007 did bring about some regulations to the industry.

One area that remains highly unregulated is that of cybersecurity. Like many other financial institutions, a hedge fund’s transactions remain largely electronic. Trades must be made at precise times to be effective and even the smallest glitch can mean major losses for the fund.

This makes cybersecurity a rising concern in the industry, even if the firm itself believes it would never be a target.

“It’s certainly an area where very many think, ‘It won’t affect me,’ or, ‘Why us? We are a small firm.’ But certainly when it hits there can be strong reputational repercussions, and you can lose a business if it’s really serious,” said Thomas Deinet, the Exectutive Director of Hedge Fund Standards Board Ltd., in a recent interview with Law360.

One such attack occurred in 2013, and took nearly a year to thwart. An unnamed fund was the victim of an attack when a group of hackers installed malicious software on their servers for a phishing scheme that squeezed its high-speed trading strategy and sent information about trades to an unknown offsite computer.

In an article on CNBC, Paul Henninger of BAE Systems Applied Intelligence said the hack was one of the most sophisticated he’d even seen, saying, “It’s pretty amazing… The level of business sophistication involved as opposed to technical sophistication involved was something we had not seen before.”

Henninger brings up an interesting point here. One that many have not thought of – that cyberattacks are not just used to shut down or disrupt someone’s business, but to steal their secrets or strategies.

The world of hedge fund management is growing and represents the opportunity to make a boat load of money; however, the knowledge to run a hedge fund comes at a premium. But, if you have people who can hack into a hedge fund’s system and see their trading strategies that makes it a whole lot easier, doesn’t it? In the case of this attack, the lag time created by the malicious software gave the hackers ample time to either trade ahead of the proposed trades, or create their own algorithmic strategies to take advantage of the trades. Sophisticated and cunning indeed.

Another interesting part of the equation is that many hedge funds are easy targets, not only because they don’t have the proper cybersecurity safeguards in place, but because they don’t go to the authorities when an attack has occurred due to the fact they may shake investor confidence.

The SEC and FBI have worked to try to educate hedge fund managers on IT security and cybersecurity as a whole. The SEC will be “checking” on funds in the coming years to see how they are implementing security systems and plans to help prevent and thwart cyber attacks, but even with more oversight there still remains a gap.

As hedge funds continue to grow into one of the most popular forms of investor trading around the world their exposure increases too. The time is now to implement proper security strategies and personnel to make sure investments and data stay safe – or we could see another financial crisis of epic proportions. The good news is cybersecurity is a topic discussed more today than it has ever before, and as the conversation continues cybersecurity will hopefully become a common part of everyday business – including the hedge fund industry.