Juvenile hackers have created major disruptions in the last few months; after breaching the security of some of the biggest global retailers, these criminals have turned their attention towards institutions engaging in high-worth transactions on a daily basis.
US hedge funds are the latest target of stealthy attacks intent on intercepting trade secrets and profit from illicit maneuvers. The threat was highlighted when an unnamed US hedge fund was hacked recently and its high-speed trade secrets were intercepted by cyber criminals, who used the data to make their own trades after transferring it to external servers, according to BAE Systems Appliance Intelligence.
BAE Systems product director Paul Henninger said that these attacks could be a case of a smaller firm spying on a larger corporation as the source of the attack was a simple phishing email sent to an employee of the hedge fund.
There was no official statement of the crime being reported to SEC or any other authority, but it was stated that the company’s board recognized the attack and took immediate action to mitigate it.
Henninger said in a statement to CNBC that the identity of the criminals is unknown, but the stolen data could be significantly profitable for smaller hedge fund companies trying to get a leg up into the industry. The espionage indication was given importance because criminals created a slight lag between the issuance and execution of the compromised trade – a strategy that may have provided a competing firm with an advantage in trading.
The hedge fund has lost millions of dollars over a period of 120 days from this attack, which was of the same nature as attacks on insurance companies in recent times; criminals hack the network, create unlawful policies, and file false claims to make profit. These attacks also cause reputation damage and undermine the hard-earned client trust over the years.
Such attacks rarely come under public notice, but this one was part of a wave of unseen cyber-criminal activities targeting hedge funds in the past few years.
The worrying aspect of the security breach is that hedge fund managers do not feel they are prepared to combat cyber threats, according to a survey by COOConnect. One third of 44 managers taking part in the survey said they did not conduct an annual data security assessment.
Mitigating cyber risks for hedge fund companies
The risk of reputation damage, loss of client trust and investor confidence makes financial institutions uncomfortable with the idea of reporting such attacks to law enforcement agencies.
Though regulators will be taking a closer look, hedge funds and other financial institutions themselves can take steps to safeguard their company networks and cyber identity.
This can be done with the help of online monitoring solutions and external cyber intelligence that products quality and accurate reports. Reputable cyber security firms realize the problems faced by financial firms to locate threats early enough to take proactive measures.
Solutions like Massive’s Cyber Task Force can work closely with internal security teams and communication division of financial institutions to effectively locate and shut down threats as soon as they are detected. Also, such solutions can be used to trace the root source of the attack – spear phishing in the case of the latest hedge fund attack.
Financial firms should always look for service providers who are ahead of the game in cyber media and protecting against cyber defamation. These are the alliances that give solution provides the back bone in mitigating threats.
Most hedge funds want to fix things and move on even after an attack has taken place, but neglecting the issue can lead to severe consequences in the future, including heavy fines and even business shutdown.