5 Ways to Improve Your Hedge Fund’s Cybersecurity
Financial institutions are 300 times more likely to be attacked than other industrial sectors, according to BCG. Accenture pegs the average cost of cybercrime per company in finance at $18.5 million, 40% more than in other industries. This increased focus on financial institutions makes cybersecurity mandatory, not optional.
#1: Don’t Let Your Cyber Tools Gather Dust
Investing in sophisticated cybersecurity software without having the time and resources to use it is a waste. Cipher experts can manage your unique suite of cybersecurity software 24×7. Tools like Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Next-Generation Antivirus (NGAV) can stop threats, but require a specific skill set to use properly.
#2: Patch Like Your Security Depends on It
Hackers are constantly identifying new exploits in software. In turn, software companies regularly release patches to fix the vulnerabilities. Identifying and installing patches is critical. Cipher regularly publishes an overview of vulnerabilities and available patches in our Security Bulletin. Use it to stay informed and patch manually, or use vulnerability management software in more complex environments.
#3: Put Your Defenses to the Test
Put your network and systems to the test by conducting penetration testing on a regular basis and fixing the gaps found. Cipher emulates sophisticated attack scenarios. Each penetration test scenario is different. The scope and details will be determined with your vendor.
#4: Go Beyond IT to Comply with Regulators
Regulations and laws, such as PCI, SOX, and NYDFS Cybersecurity, can be the foundation of a secure company. Involve people from different parts of the company in the process of compliance. Every person in a hedge fund likely uses a computer, so every department should be involved in complying with regulations and laws.
#5: Don’t Let Humans Be the Weak Link
Humans are the threat vector behind many cyber attacks. Ensure your employees are aware of cybersecurity best practices. A single phishing email can take an entire company down. The tools mentioned above can mitigate the risk, but having employees follow best practices for everyday safe computer use is the first line of defense.