Security breaches, and the fallout that comes with them, are a grave issue affecting hedge fund managers, and understanding the danger is paramount to maintaining a healthy business environment. Internal attacks are arguably more likely to occur than external attacks, leaving a firm’s intellectual property exposed. Earlier this year, IT services provider Agio acquired security firm Secure Enterprise Computing, effectively building a single, integrated IT and security platform to address these rising industry concerns.
HFMWeek: What are the main security risks that hedge fund managers need to be aware of?
Bart R. McDonough: Arguably, the highest risk comes from the actions of an employee. Due to the nature of the industry, hedge funds are unlikely to have a large external internet footprint, and as such are less likely to be targeted from a perimeter perspective. However, the well intending user is capable of gaining access to valuable, and potentially sensitive information, and can inadvertently leak this information to unauthorized parties. This leakage comes in many forms – whether through the introduction of malware via email or social media, or through the installation of unauthorized software that is then leveraged by an attacker.
Christopher Harper: The unfortunate truth is that many firms have little control over the applications in their environment. The introduction of unauthorized applications makes it difficult, if not impossible, to keep these applications up-to-date, and to have any sort of control over the vulnerabilities they introduce. As Bart mentioned, these vulnerable applications can be leveraged by attackers to introduce malcode into the environment, gain control of servers or other systems, or exfiltrate sensitive data.