Last year’s Sunburst cyber-attack against public and private organisations worldwide acted as a reminder of the growing sophistication of cybercrime and the need for solid cybersecurity.
In our recent specialist fund administration roundtable, panellists discussed cybersecurity and where vulnerabilities lie in the privates sector.
“The Sunburst attack was very interesting,” Noel Fessey, CEO of European Fund Administration, said. “I don’t think state resources were directly employed, but it was probably state-funded and state-backed through a sophisticated cyber-attack ‘house’.”
According to Fessey, who 20 years ago was the global head of IT security for Schroders, apart from intelligence-gathering, you have to get back to the basics of understanding “what your layered defensive arrangements should be”.
“These will depend on three pillars, one of which is technological, another is procedural and the final one relates to personnel. It’s the last which is perhaps the greatest vulnerability, because humans make mistakes.”
Fabrice Mas, head of PERA, Luxembourg, MUFG Investor Services, highlighted that cybersecurity technology these days is quite evolved.
“You have firewalls and lots of quite sophisticated things, but at the same time, you also have sophisticated attacks.
“When you look into cyber-attacks, you often discover that they found an entry point through people by creating trust. Then people download or click on something. Staff training is therefore key.”
Jervis Smith, country managing director, Luxembourg, Vistra, explained how last year Vistra launched an internal campaign – ‘Play your part, be cybersmart’.
“You just have to keep repeating the message, and you have to be vigilant around your people − the people who’ve got control of the keys to the ‘safe’ and control of the ‘keys’ as such,” he told panellists.
For Christian Heinen, managing director at IQ-EQ Luxembourg, being realistic is crucial when it comes to cybercrime and cybersecurity.
“We have grown significantly in recent years, organically and inorganically, but the bigger you become, the more exposed you become because you are a more interesting target,” he said.
“You can of course put in place the best IT team and we are also working with partners who simulate attacks and such like, but there are things that we cannot necessarily influence, such as the attack on SolarWinds in 2020.”
As Robert Brimeyer, managing director of Alter Domus Luxembourg, highlights, the reason why people engage in cybercrime is because it’s a very easy way to get access to money.
“Either they want to steal information to monetise it, or they just want to steal money. In our private markets industry, money flows in very big amounts and it’s easy to divert it if you use the weakness of people,” he said.
Stéphane Pesch, CEO of LPEA, added: “If the vulnerable point is people, you respond to that problem by educating and training them. You also watch out for behaviours and have the right systems on board, but certainly take external elements into account too.”
© 2021 funds europe