COMPANY

Focus: Financial

Financial News and Media

Leading Hedge Funds Assess Threat from Cyber Criminals
04 Jul 2011

Cyber attacks have become more frequent but so far hedge funds have not been a target. Nevertheless, many prominent hedge funds as assessing their defences and putting up defences against hackers.

"Most regulations and best practices have stated what the goal is but do not provide information on how that goal is to be accomplished. This makes it difficult to provide information to auditors because of the subjective nature of what data is beneficial to them. This is changing. PCI DSS and Massachusetts' data privacy law 201 CMR 17 are providing specific prescriptive security controls that must be adopted. Both mandate a number of security functions (e.g., firewalls, antivirus, and vulnerability assessments) that must be implemented. It is a little easier to demonstrate compliance if what needs to be done is known, but with these prescriptive security controls come new standards for continuous monitoring and auditing.

The importance of security monitoring is growing. Massachusetts 201 CMR 17, which went into effect in 2010, requires "regular monitoring to ensure that the comprehensive information security program is operating." The HITECH update to HIPAA requires improved reporting associated with electronic medical records. Legislation introduced in Congress to update the Federal Information Security Management Act (FISMA) requires continuous detection, monitoring, correlation, and analysis of the security of information systems. All of these efforts are forcing continuous monitoring, not just a "checkbox approach" to compliance. Compliance with these and other future mandates will require comprehensive security and compliance management."

"The technological dependency of securities exchanges upon internet based (IP) platforms has dramatically increased the industry's exposure to reputation, market and operational risks. In addition, the convergence of several innovations in the market are adding stress to these systems."

"Over the last decade technological advances have been revolutionizing the conduct of commerce and financial transactions. However, these systems, which rely on computers and the Internet technology backbone, are vulnerable to rapid, illegal intrusions that can disrupt, disable, or corrupt critical infrastructure such as power, telecommunications, government, education, hospitals, and financial services."

This Financial Action Task Force (FATF) study analyses money laundering and terrorist financing (ML/TF) risks associated with commercial websites and Internet payment systems.

This document reinforces the Federal Financial Institutions Examination Council (FFIEC) 2005 framework, to update Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment.

Banks' awareness and recognition of the magnitude and intensification of technology risks should correspondingly be more perceptive and discerning, both for individual banks and the financial industry as a whole. It is critical that banks have flexible, adaptable and responsive operating processes as well as sound and robust risk management systems.