This year the SEC proposed new requirements to address risk due to increasing reliance on connected information systems and “the risk that a significant cybersecurity incident can simultaneously impact multiple Market Entities causing systemic harm to the U.S. securities markets.”1
Alternative investment firms and hedge funds increasingly face a range of threats that directly target firm infrastructure including malware, ransomware, account compromise or takeover and phishing. Additionally, firms rely on third-party financial and trading platforms to conduct activities. However, configuration changes, and signature and software updates issued by the providers can trigger false positives in endpoint protection solutions, which in turn can lead to quarantining of trading platform components, causing operational disruptions and overhead.
“Firms go to great lengths to ensure their security stack provides robust protection and aligns to SEC and FINRA cybersecurity requirements,” said Michael Gorelik, Chief Technology Officer at Morphisec. “However even with industry-standard solutions like EPP and EDR in place, third-party software can produce system performance issues and lead to missed or undetected threats.”
Financial services software and trading platforms like Bloomberg Terminals, Eikon (by Refinitiv), Factset and others are critical to hedge fund trader performance—system downtime takes traders offline and can cost firms millions of dollars, depending on market volatility. Downtime also creates data integrity issues within trading platforms, creating multi-day disruptions, missed customer SLA and reputational damage.
According to the Chief Information Security Officer at a leading US-based hedge fund— “If an attacker successfully hacks our workstations, or Bloomberg Terminals, they’d have full access to the firm’s critical infrastructure, which would be devastating.”
Financial platforms are often accessed through dedicated private line infrastructure that effectively bypasses firewall and other perimeter security solutions, thereby increasing risk.
The CISO views Morphisec as “the perfect solution for business-critical applications that cannot tolerate downtime, residing in protected networks, as it doesn’t need signatures or online connectivity to operate.”
Morphisec protects more than nine million endpoints across more than 5,000 global customers including financial institutions, banks, alternative investment funds and hedge funds. Security professionals and industry analysts can read the full case study by visiting: https://www.morphisec.com/hubfs/Global_Hedge_Fund_Case_Study.pdf
[1] U.S. Securities and Exchange Commission. (2023, March 15) SEC Proposes New Requirements to Address Cybersecurity Risks to the U.S. Securities Markets [Press release].
https://www.sec.gov/news/press-release/2023-52
About Morphisec
Morphisec provides prevention-first security against the most advanced threats to stop the attacks that others don’t, from endpoint to the cloud. Morphisec’s software is powered by Automated Moving Target Defense (AMTD) technology, the next evolution of cybersecurity.
AMTD stops ransomware, supply chain attacks, zero-days, and other advanced attacks. Leading analysts indicate that AMTD is the future of cyber.
AMTD provides an ultra-lightweight, Defense-in-Depth security layer to augment solutions like NGAV, EPP and EDR/XDR, closing the runtime memory security gap against undetectable cyberattacks with no performance impact or extra staff needed. Over 5,000 organizations trust Morphisec to protect nine million Windows and Linux servers, workloads, and endpoints. Morphisec stops thousands of advanced attacks daily at Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center, and many more. Learn more at www.morphisec.com.
Media Contact
Michael Gerard, Morphisec, 1 (617) 775-1282, [email protected], www.morphisec.com
SOURCE Morphisec
