The following excerpt originally appeared in FundFire and was written by Lydia Tomkiw.
In this exclusive interview with FundFire, Vinod Paul, Chief Operating Officer of Align, and John Araneo, Managing Director, Align Cybersecurity, and General Counsel of Align, discuss the most significant cloud trend occurring in the investment industry today, as well as two of the biggest concerns regarding cyber threats.
As cybersecurity has shot up the list of compliance priorities for alts managers, so has the sophistication of spoofing and business-compromise emails. And while conducting mock cyber exams and vendor due diligence remain key priorities for hedge funds, few hedge fund managers are doing enough, experts say.
Phishing and false wire payments are two of the biggest concerns. The sophistication of phishing has grown, with bad actors using personal information that rarely has anything to do with work at a hedge fund to conduct their scams – for instance, sending emails pretending to be from an employee’s child’s school or from alumni organizations of universities.
As fund managers transition their data to public clouds, the hacking community is busy looking for backdoors in, says Vinod Paul, Chief Operating Officer of Align. Since the end of 2018, spear phishing and spoofing emails targeting hedge funds have continued at a high rate.
“We have seen an incredible increase in the amount of spoofing emails and business compromise email threats,” he says.
Wire fraud attempts remain another big threat that hedge funds have to worry about going forward, says John Araneo, Managing Director, Align Cybersecurity™, and General Counsel of Align.
“It’s clear attackers have gotten a hold of a manager’s Form ADV, their LinkedIn profile. They’ve gotten visibility on their emails for a few months. Those are the ones that are hard to ferret out,” he says.
Managers know they face generally greater risk. Eighty percent of financial services firms agreed that cybersecurity concerns are “a serious risk,” according to a recent survey of over 200 firms, 35% of which were alts managers, conducted by ACA Aponix and the National Society of Compliance Professionals.
But few alts firms are routinely conducting mock regulatory cybersecurity examinations, according to the survey. Only 18% reported having conducted an exam within the past 12 months and only 1% reported having conducted one over the last 24 months.
Alts firms also reported partial progress in blocking USB device read and write privileges – a prime way for hackers to tap into internal systems – with only 52% of firms saying they fully block such access.