Opalesque Industry Update - The Hedge Fund Standards Board (HFSB), the standard-setting body for the
hedge fund industry, has held its first table top cyber-attack
simulation for hedge fund managers in London. The HFSB is custodian of
the Hedge Fund Standards, and is supported by more than 120 hedge fund
managers with $700 billion in aggregate assets.

The objective of the simulation was to explore the response of hedge fund managers to three realistic cyber-attack scenarios:

· Data theft and leakage of internal sensitive data
· Financial infrastructure attack
· Crypto ransomware

These scenarios were chosen to provide simple illustrations of key challenges for hedge fund cyber security professionals. The cyber-attack simulation event was attended by cyber security/IT experts, hedge fund COOs and compliance staff, and institutional investor due diligence staff.

The key insights on cyber security arising from the simulation were:

· Confusion over responsibilities can prevent an effective response. Managers should not consider cyber security as just an “IT” issue, given the legal, compliance, investor relations and reputational issues involved.
· Certain types of cyber-attacks may exceed a manager’s internal response capabilities. Managers should be prepared to quickly access external legal and IT expertise.
· Preparation in advance, through a cyber security incident response plan, is important. This planning establishes responsibilities, pre-identifies external resources and speeds decisions should there be an actual incident.

This is the second large-scale initiative by the HFSB in the area of
cyber security, following the publication of the cyber security memo in
September 2015 in the HFSB Toolbox.
Bill Trent, Managing Director at Stroz Friedberg, who was one of the
speakers, noted: “This attack simulation exercise has shown that dealing
with the technical aspects of cyber-attacks is often only a small part
of the overall response, and that the senior management of the firm
needs to be well-prepared to manage the aftermath of an incident.
Therefore, it is crucial that firms have an incident response plan in
place that is understood at a senior level and across the entire firm.
It is also important that firms do not overestimate their own
capabilities and seek external help when a serious breach occurs.”
The panel also discussed the legal considerations to be taken into
account when a breach occurs. This was particularly relevant in the data
breach scenario, where material non-public/market moving information was
inadvertently leaked.
One hedge fund manager who attended the event noted: “This event has
been an eye-opener regarding the complexity when dealing with the
fallout from a cyber-attack, and very timely in light of the heightened
regulatory focus, including the SEC’s intention to test firms’
implementation of cyber security procedures and controls. We will
revisit our own approach based on the lessons learned.”
Thomas Deinet, Executive Director of the HFSB, stated: “This is the
second large-scale initiative by the HFSB in the area of cyber security,
following the publication of the cyber security memo in September 2015.
Simulation exercises are a very powerful approach to sharpen one’s
understanding about how incidents can unfold. We encourage managers to
revisit the HFSB Cyber Security Memo for helpful guidance.”
The roundtable was hosted by Stroz Friedberg, who shared their “war
stories” and moderated the attack scenarios. The HFSB is planning to
hold a similar event in New York for its North American stakeholders in
March 2016.
Hedge funds test their response to three cyber attack simulations
Tuesday, January 19, 2016