Throughout its history as a company, Agio worked with hedge funds and private equity firms, gaining a vast amount of experience in regards to cybersecurity services designed to meet the safety needs of the financial organizations. Contrary to what one might thing initially, despite the fact that hedge funds are bigger entities than private equity firms, it’s the P.E. firms that pose more of a challenge when it comes to properly securing their operations, despite the fact that both types of financial institutions handle sensitive data as well as massive monetary assets.
While some people might think that complying with Security & Exchange Commission’s regulations is enough to ensure the safety of their firms or that due to the fact that they are smaller operations they might not be much of a target for hackers, the reality is that private equity firms have to go beyond SEC regulations in order to keep everything safe. There are certain aspects of their operations which puts them at risk and which are more difficult to secure.
Transactions made by private equity are generally a matter of public record and they list a key role in the firm by name. Hackers could take advantage of this information in order to design social engineering attacks in the form of pretexting, phishing or both in order to target back office personnel. Due to their first-hand knowledge of new transactions that take place, hackers could use the information to appear legitimate if, for example, a deal takes place in a different time zone. Agio says that these kinds of deals are usually not present at hedge funds.
The fact that private equity firms lean more towards using consumer devices (such as laptops and tablets) also puts them at risk, according to Agio. The hardware of the device can provide them security measures, but at the end of the day they lack the management tools that are generally found inside organizations (such as hedge funds) as part of physical security of the on-premise workstation. Agio suggests that hedge fund cybersecurity is evaluated on a business-wide scale.
Moreover, added to the list of risks is the usage of unstructured data. The employees at private equity firms tend to use unstructured documents such as PDFs or files created in Microsoft Excel, Word or PowerPoint in order to work on portfolio companies and their deals. In comparison, hedge funds systems have a focus on structure databases. Generally, cybersecurity solutions are less suited for unstructured data and better suited for the structured kind.
Personal identifiable information, banking information, and personal health information is stored by both hedge funds and private equity firms. However, what makers P.E. firms more attractive to hackers – and thus bigger targets – is the fact that P.E. firms also have access to data which is easier to monetize. In the event of a breach, a hacker could make a profit off of information acquired from a firm about mergers and acquisitions which affect public companies. In comparison, in the event of a security breach at a hedge fund, a hacker would have a more difficult time monetizing trading strategies or trade data.