The Securities and Exchange Commission (SEC) announced that 2016 would be a year for US regulators to focus on security against cyber attacks. Last year saw an upward trend in more sophisticated attacks against financial entities, which prompted the SEC to highlight some of its new initiatives to improve security and privacy protection.
Hackers have specifically targeted financial firms for the huge amounts of data and personally identifying information they can obtain. Such attacks are also a means for attackers to steal data and make ransom demands.
Older financial institutions often have older infrastructure that isn’t protected from newer threats. The SEC looks to improve data security for these institutions and urges hedge fund managers to be on alert for possible attacks.
Another trend within the hacking community is targeting specific high-end managers or executives. Instead of delivering a payload to as many employees as possible within an organization, hackers are using social engineering attacks against upper management personnel to gain access to sensitive information and higher-level privileges.
To obtain a benchmark on how well hedge fund managers could handle a cyber attack, the Hedge Funds Standards Board held exercises in London. Thirty companies attended the simulated attack exercises. The results showed that most managers were not able to defend against an attack.
With poor infrastructure and employee awareness, hedge fund managers are ripe for an attack. The issue is more than just data loss and financial risk. An attack could also lead to reputation loss and poor media exposure. Investors have recently begun to treat security and data protection as a deciding factor when allocating money to hedge funds.
Security analysts have also indicated that companies must put more into security than just protection and privacy defenses. They also need to prepare disaster recovery plans and incident response documentation, and to provide awareness training for staff at all levels, including senior levels. Once staff have a better understanding of social engineering and the red flags behind phishing emails, they can better alert security managers and avoid causing a major incident.
The SEC also surveyed 100 financial companies in 2013 and 2014. The survey showed that 88% of brokers and dealers and 74% of investment advisors had experienced a cyber attack in some capacity.
As the SEC continues to focus on improved security, its initiatives could change the way the financial market secures its infrastructure and data.