07/10/2013

Funds Investing in Cyber Security (Their Own)

Managers are spending increasing amounts of time and money fending off cyber attacks.

One multi-billion-dollar fund operator said its computer systems detect anywhere from 1,000 to 25,000 attempted strikes each day, typically from hackers in China and North Korea. The attacks aren’t specifically aimed at the firm, but rather are part of ongoing efforts to hack into the systems of U.S. financial institutions. Indeed, a cyber-security study that Verizon published in April found that 37% of all data breaches in the U.S. involve the financial-services industry.

In response, hedge fund companies are devoting more technology resources to bolstering their computer firewalls. One large management firm said it now spends a tenth of its technology budget on detecting and preventing cyber attacks — and that doesn’t include salaries for its IT staffers. Meanwhile, a cottage industry of cyber-security consultants and software developers, including IGX Global, eSentire, Dell SecureWorks and TopPatch, is trying to capitalize on managers’ vulnerabilities.

“We are a blatant target,” said the chief technology officer at a Greenwich, Conn., fund shop. “It’s a matter of time before somebody here at the firm is hacked.”

The heightened concern comes as operating budgets already are being squeezed by new compliance obligations as well as ever-increasing technology costs. Measuring the full extent of the problem is difficult because most firms are reluctant to discuss the issue, even with their clients.

“The industry is extremely private about hacking incidents,” said Chiranjeev Bordoloi, founder of New York-based TopPatch. “They don’t want any publicity on breaches, as you can imagine.”

In addition to installing or updating security software, managers are taking other steps to guard against electronic invasions. Some are training staff to recognize “spear phishing” e-mails, in which the sender assumes the identity of a client in an effort to access information or withdraw funds. Others are performing so-called penetration tests after outsiders visit an office to ensure their systems’ defenses haven’t been weakened.

One large management firm with a staff of several hundred said it would soon begin interviewing employees to determine if their use of personal electronics such as cell phones and home computers could be compromising the firm’s computer networks.

Back Print