Securing the Vault: Cybersecurity Imperatives for Fund Managers
Explore practical strategies to combat the rise of deepfakes and enhance vendor security. Discover key measures to strengthen your defenses against the ever-evolving cyber threats. Secure your operations and protect your clients.
The financial landscape continues to undergo significant changes, with digital transformation playing a pivotal role. However, this evolution has brought challenges, notably the increasing sophistication of cyber threats. For alternative investment fund managers, this is a two-sided situation: they can use new technologies to improve their work, but they must also keep internal information out of the wrong hands.
The rise of deepfakes
Deepfakes, which use artificial intelligence (AI) to create hyper-realistic but fabricated content, represent a growing threat. Imagine a scenario where a malicious actor uses a deepfake to impersonate a fund manager during a video conference, authorizing fraudulent transactions or capital calls. This isn't just hypothetical. Deepfakes and AI-driven threats are already making their presence felt, underlining the absolute need for cybersecurity. In 2019, the CEO of a U.K.-based energy firm was tricked into transferring EUR 220,000 to a fraudster's account after receiving a phone call that used AI to mimic the voice of an executive at the company's parent firm. More recently, a multinational lost USD 26 million to a deepfake video conference scam, according to Hong Kong police.
The importance of internal security measures
The sensitive nature of fund managers’ operations, which involve handling personally identifiable information (PII) and other confidential data, makes them prime targets for cyberattacks. Capital calls, investor onboarding and day-to-day transactions are all potential entry points for cyber threats.
Despite the advancements in secure digital platforms, many fund managers still default to email for transmitting sensitive data such as capital calls, investor details, and financial transactions. This practice opens a Pandora's box of cybersecurity vulnerabilities. For fund managers and investment firms, relying solely on traditional methods like a "call back" to verify capital calls is no longer sufficient. While a call back can still serve as an additional layer of verification, it must be complemented by more secure, technology-based solutions.
To mitigate these risks, fund managers must implement stringent internal security measures. This includes multi-layer infrastructure defenses to protect against data-tampering attacks, continuous security assessment and monitoring, and regular penetration testing (PEN) with transparent results sharing.
Vendor security: ensuring a robust ecosystem
While internal measures are crucial, the security of third-party vendors is equally important. Utilizing virtual data rooms (VDRs) that prioritize security can significantly mitigate the risk of data leaks. SS&C Intralinks, for instance, sets a benchmark with its bank-grade security features, including 256-bit encryption, multi-factor authentication and continuous monitoring. These measures ensure that sensitive data remains protected, even in an interconnected world.
Fund managers should ask potential vendors critical questions about their cybersecurity practices:
- Do you have multi-layer infrastructure defenses?
- Do you offer 24/7 continual security assessment and monitoring?
- Do you allow PEN testing, and are you willing to share the unredacted results?
Choosing vendors that adhere to these rigorous standards can help fund managers minimize the likelihood of falling victim to cyberattacks.
Implications and predictions
As the digitization of the finance sector continues to evolve, integrating AI and other advanced technologies will become more prevalent. However, the success of these technologies hinges on a strong cybersecurity foundation. Fund managers who prioritize both internal and vendor security will be better positioned to capitalize on technological advancements while safeguarding their operations and investor trust.
Taking the next steps
To bolster their cybersecurity defenses, fund managers should proactively implement strategic measures. These steps include conducting thorough evaluations of both internal and vendor security protocols, allocating resources toward cutting-edge security solutions, and cultivating a mindset of constant awareness amid the ongoing threats. By adopting these practices, they can safeguard the reliability and durability of their operations.
Fund managers must prioritize cybersecurity and embrace an all-encompassing cybersecurity strategy to protect sensitive transactions and uphold investor trust. By establishing rigorous standards for internal protocols and collaborating with trusted vendors, fund managers can fortify their operations to withstand the constant evolution of cyber threats.