Let’s start with some sobering data. Agio’s 2023 Hedge Fund Cybersecurity Trends Report shows a significant jump in reported cyberattack frequency (up 205% from 2022) and severity (up 53% from 2022). And, while in 2022, 49 percent of firms said attacks had dropped, only three percent reported the same this year. What happened? 

Expanding attack surfaces related to hybrid work environments, social engineering, and a fundamental shift in attackers' motivations have all contributed to a surge in attacks. As criminals become more sophisticated and relentless, hedge funds are fighting harder to protect their data from being held hostage and to keep their environments from being taken entirely offline.

Insights Into Hybrid Work Environments and Outsourcing

About half of the firms surveyed, around 45 percent, mentioned that their work policy for 2023 will mostly be a hybrid setup. Interestingly, around half of the respondents, 52 percent, also said that they would be open to outsourcing to enhance the security of their hybrid work environment. Both numbers are significant because an expanding attack surface means there’s also a growing chance for cybercriminals to try and exploit vulnerabilities, potentially compromising data or disrupting business operations. A willingness to explore external solutions could be crucial in bolstering security measures.  

These findings are especially relevant considering that, while hedge funds that outsource their cybersecurity felt the impact of intensified attack efforts (60% reported increased attempts and 71% said time to resolution escalated), funds that primarily insource were hit even harder, with 77 percent reporting more frequent attacks and 87 percent suffering more severe attacks.

The Changing Face of Attackers: Motivations and Tactics

Since the rise of ransomware, attack groups have become rather formulaic: they gain access to a firm’s environment, deploy ransomware, and hope to collect a ransom. Simply put, they’re motivated purely by money. There have been some deviations in the formula, such as destroying backups and exfiltrating data to further extort victims, but more or less, their pattern and motivation have stayed the same. 

Those days are gone. Over the last two years, we’ve observed a shift in attacker profile and motivation. The groups behind some of the largest recent breaches–such as Microsoft, Samsung, Caesars Entertainment, and MGM Resorts–have displayed a propensity for chaos, and an understanding of the technology their victims relied on that would make your IT team jealous. We know the individuals involved in these attacks are young, brash, and driven by notoriety more than profit. 

Chief among their strengths is social engineering–the clever tactics used to trick well-meaning individuals into giving away information or access. In many cases, these attackers have duped helpdesks into resetting security controls, like multi-factor authentication, or convinced a phone company to redirect calls and texts to a device they own (an attack called SIM swapping). These attackers have used social engineering directly against their victims or to target critical vendors their victims rely on. 

Social engineering isn't the only threat; these groups have gained initial access to their victims in several other ways. They purchase access to previously compromised accounts from initial access brokers (IABs), other bad actors who specialize in stealing credentials to sell on the dark web. They've paid insiders working for their target to provide remote access. Of course, attackers also go the traditional route of exploiting vulnerabilities in publicly accessible systems.

Once they gain initial access to a victim’s environment, these young hackers use their knowledge of modern infrastructure (e.g., Azure Active Directory, Single Sign-On systems, and code repositories like GitHub) to avoid detection while silently wrapping their fingers around the heart of their victim’s organization. Once they get what they want, these groups can’t help but brag about their success on social media, ensuring their peers know who landed the latest victory. 

Agio’s Approach to Defending Hedge Funds

With some of the world’s largest organizations and most well-funded security teams falling prey to this new breed of attacker, how can you hope to keep your firm out of the headlines? 

A strong security posture starts with asset management because you can't protect what you don't know about. Ask yourself this question: if a vulnerability were announced in software your firm relies on (such as your VPN), how long would it be until you knew about it? Agio's Content Management Database (CMDB) provides a complete list of your infrastructure, from laptops to cloud servers, firewalls, and switches. This database allows us to show that your entire infrastructure is secure and resilient and to identify the risk posed by any exceptions (like that one VIP who won't enable MFA).

To prevent a breach, you need consistency. The backbone of a consistent defense, and how firms show security maturity to partners and regulators, is a robust set of policies and procedures. While even the best policy doesn’t stop an attack, its parameters ensure defensive stability year-over-year, even as your security team changes. Agio’s vCISOs are experienced in creating or adapting policy sets to ensure your security programs are built on a solid foundation. With the SEC’s focus on public disclosure of cybersecurity risk management practices, a strong cybersecurity governance program is more important now than ever. 

Because attackers know they can often breach their target through a vulnerable third party, it is crucial to understand which vendors pose the most significant risk to your organization. Agio’s Third Party Risk program reduces this risk by identifying risky vendors, allowing you to apply security controls proactively. 

Even the best attackers make noise when accessing a victim’s environment. They create accounts, deploy software, sign in from new locations, and change existing privileges. While these events may appear benign to some, Agio’s Cyber Operations team is adept at finding the needle in the haystack, so to speak, and stopping attackers in their tracks. By lowering the mean time to detect an attack, firms are less likely to experience a reportable incident.  
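The "noise" listed above (account creation, software deployment, sign-ins from new locations, privilege changes) can be turned into detection logic. The following is an added illustration, not Agio's code or tooling; the event format, field names, and sample events are constructed for the example.

```python
# Added example (not from Agio): flag the noisy actions an intruder makes and raise
# severity when they follow an anomalous sign-in. Event schema is an assumption.
from collections import defaultdict

# Constructed sample audit events; not real log data.
SAMPLE_EVENTS = [
    {"ts": "2023-10-01T09:00:00Z", "user": "alice", "action": "signin", "geo": "US-NY"},
    {"ts": "2023-10-01T09:05:00Z", "user": "alice", "action": "signin", "geo": "US-NY"},
    {"ts": "2023-10-01T23:40:00Z", "user": "alice", "action": "signin", "geo": "RU-MOW"},
    {"ts": "2023-10-01T23:42:00Z", "user": "alice", "action": "user_create", "target": "svc-backup2"},
    {"ts": "2023-10-01T23:45:00Z", "user": "svc-backup2", "action": "role_assign", "target": "Global Administrator"},
    {"ts": "2023-10-01T23:50:00Z", "user": "svc-backup2", "action": "app_install", "target": "remote-support-tool"},
]

# Actions that are benign in isolation but worth logging as findings.
NOISY_ACTIONS = {
    "user_create": "new account created",
    "role_assign": "privilege change",
    "app_install": "software deployed",
}

def detect(events):
    """Return a list of findings. A sign-in from a location never seen for that user
    marks the user as suspect; noisy actions by a suspect user, or by an account a
    suspect user created, are rated high instead of low."""
    seen_geo = defaultdict(set)   # per-user baseline of sign-in locations
    suspect_users = set()
    findings = []
    for e in events:
        user, action = e["user"], e["action"]
        if action == "signin":
            # First observed location seeds the baseline; a real deployment would
            # seed it from historical sign-ins rather than from the same stream.
            if seen_geo[user] and e["geo"] not in seen_geo[user]:
                suspect_users.add(user)
                findings.append({"ts": e["ts"], "user": user, "severity": "medium",
                                 "what": f"sign-in from new location {e['geo']}"})
            seen_geo[user].add(e["geo"])
        elif action in NOISY_ACTIONS:
            severity = "high" if user in suspect_users else "low"
            if action == "user_create" and user in suspect_users:
                suspect_users.add(e["target"])   # follow the attacker-created account
            findings.append({"ts": e["ts"], "user": user, "severity": severity,
                             "what": f"{NOISY_ACTIONS[action]}: {e['target']}"})
    return findings

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f["ts"], f["severity"].upper(), f["user"], f["what"])
```

Run on the constructed events, the late-night sign-in from a new location is rated medium, and the account creation, role assignment and software install that follow it are rated high; the same three actions by a user with no anomalous sign-in would be rated low.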

AgioNow is your window into our holistic approach to cybersecurity. In one location, you can track the progress of your cybersecurity governance activities, review your security monitoring activity, and get confirmation that your assets are compliant with your policies. 

Ensuring Transparency and Peace of Mind

Your primary concern is safeguarding your firm’s assets and reputation in the face of an ever-evolving cyber threat ecosystem. Agio understands the unique challenges you face, and our mission is to empower you with the tools and expertise needed to navigate these challenges successfully.  

When you choose Agio as your cybersecurity partner, you’ll have a dedicated ally committed to protecting your firm’s future. Contact us today to discover how we can help your hedge fund stay out of the headlines and thrive in a secure digital environment. 
