Financial services firms can do a lot to prevent “a digital Pearl Harbor” caused by cyber fraud, and effective ways to combat such attacks were the focus of a session at FTF’s 5th Annual Hedge Fund Operations & Technology Conference, held yesterday in New York.
In their session, David Z. Bodenheimer and Linda Lerner, two anti-fraud lawyers from the Washington, D.C.-based Crowell & Moring, made the case that cyber fraud is real and could be fatal for many firms. In past posts, I have stressed how the industry has been warned via cyber-attacks earlier this year on the websites of Nasdaq OMX, Bats Trading, the Chicago Board Options Exchange, two Brazilian banks—Itaú Unibanco and Banco Bradesco, and Bursa Malaysia, among others.
But cyber fraud can hit home rather easily. For instance, a firm’s executives or research staff working remotely on clients’ files via Wi-Fi could easily be hacked and valuable client data could be stolen. A hacker could break into a firm’s network, view trades in process and, via colocation, front-run the transactions. Firms could also lose terabytes of data and hundreds of millions of dollars in outright theft.
Sadly, many firms may not even have a security plan in place for when the worst happens, which will not only expose them to great damage, but spawn excruciating lawsuits and the wrath of traders.
“Traders will kill you if you don’t have a solution ready in two seconds [after a cyber attack],” says Lerner. “You also have an obligation and it would be smart [for hedge funds] to test your fund administrators.”
In fact, all firms should test the anti-cyber fraud capabilities of their third-party providers. Another tactic is to hire “ethical hackers” who can help develop and test a security program, says Bodenheimer. “That absolutely makes sense as part of a security system.”
Bodenheimer and Lerner also outlined what all firms must keep in mind as they take action to prevent cyber fraud:
- The main focus of any security program should be what poses the biggest risk to the firm—the most important secrets and most sensitive information about clients and the firm. Anything that could bring down your firm if exposed has to be shielded.
- Make certain you have the technology and 24/7 hot sites in place to protect your firm from cyber fraud.
- The leadership for an anti-cyber fraud strategy has to come from the top; IT and field staff should not be driving the process. Firms should involve the CFO, other executives and the heads of IT, compliance, legal and research.
- Be fully aware of the economic impact of a devastating act of cyber fraud; the average cost of a clean-up is $6 million to $7 million. However, that is the tip of the iceberg. A security breach could cause a firm to lose its crown jewels and suffer a fatal blow to its reputation that puts it out of business.
Bodenheimer and Lerner note that the federal government is aware of the serious threat posed by cyber fraud. In fact, two bills, one from the Senate, favored by Democrats, and another from the House, favored by Republicans, are taking aim at the problem. The Senate bill proposes to give Homeland Security the right to fine companies that do not apply preventative, anti-cyber fraud technologies while the House bill steers clear of new regulation and pushes for information sharing about cyber fraud. It’s unclear whether either bill or a combination thereof will become law.
But firms do not have the luxury of waiting for Washington and must take action, as hackers have no intention of giving up.