AI-based risk monitoring protects individuals
Technology risk cannot be underestimated, especially in today’s regulatory environment where GDPR rules place a heavy burden on securely protecting and storing personal data. Yet establishing a technology risk framework tends not to be a top priority for some hedge fund and private equity managers.
However, those who do take it seriously are moving their security posture beyond merely protecting the four walls of their organisation and more towards protecting the individual, cognisant that reputational damage – largely as a result of human behaviour – is only ever just round the corner. This mobile first thinking pushes managers to look and more forward thinking technology partners focus not on traditional solutions but evolving and next generation technology.
“People used to use a proxy that would sit on or within a firewall at their office, now we use (or certainly should use) products that sit hidden on the endpoints of their network and mobile devices to monitor web traffic on their laptop and user activity, no matter where it is in the world,” says George Ralph, Managing Director of RFA, a leading technology consulting group which offers a comprehensive range of IT services to alternative fund managers.
RFA has long been aware of this trend towards individual security and last year developed a sophisticated AI-based intrusion detection and prevention monitoring tool, called MDR (Managed Detection and Response). Rather than operating statically in a single environment like some intrusion detection systems, and which rely on humans to read the data logs to see if any suspicious activity has occurred on the network, RFA’s solution lets the machine do all the work.
“Our solution puts data collectors on the end points of the network and monitors the typical behaviour of each user. The AI component makes continuous decisions and generates alerts, if it notices something suspicious when monitoring the data logs, in extreme cases it will block the device and have the user call us (rather than the other way round).
“One client tested this system alongside a couple of other high-profile software providers where the portfolio manager deliberately started downloading a series of spreadsheets. The two other software systems did nothing because they did not consider it malicious behaviour, whereas our system blocked his machine immediately as it was unusual behaviour,” says Ralph.
Whereas a traditional IDS is designed to monitor network activity within the office, RFA’s solution goes beyond the network perimeter and is always with the individual, constantly monitoring traffic and generating alerts; be they at home on their laptop or travelling across the globe.
RFA provide a number of cyber solutions including user training through to certified data security audits and risk management implementations – however, they know that users still make mistakes and having an institutional grade security solution like this to catch mistakes is crucial.
Ralph says he is still amazed how many people still do not understand the value of technology protection.
“When we start working with emerging and new managers to the RFA programme, we try and give them the basic facets of what they need from a technology risk perspective. As their AUM grows, that framework has to evolve. At each stage of their AUM growth, we will come in and advise them on what additional elements to implement and then update their written information security policies.
“We also take on managers from existing IT providers who have never been given any advice and never had any meaningful level of engagement. The first thing we do is conduct a survey of the client’s IT infrastructure. If there are major gaps in their technology from a security perspective, we prioritise the highest risk items and implement a solution,” explains Ralph.
RFA has enjoyed a 70 per cent growth in 2018 across Europe. In the UK alone it now has a team of 50 staff, servicing 110 clients with their Luxembourg office growing at a similar rate. Monitoring staff cyber behaviour is likely to continue to increase, thanks to tools like those developed by RFA and other technologists which are leveraging the power of AI to detect when organisations might be at threat not just from external threat actors but their own employees.
“People still don’t perform phishing training exercises because they assume it’s too expensive yet it equates to approximately GBP75 per person per year,” exclaims Ralph.
“As consumers of tech we are very focused on convenience – this is why we developed our own GDPR compliant data tools to enable secure offline access rather than simply recommending off the shelf products – as technology guides we have to ensure that security is taken seriously but without taking away convenience, anything you take away has to be replaced with something equal convenient or better.
“We have a system which, similar to the MDR system referred to above, marks an employee who will be leaving the firm as a ‘sensitive user’. Before they leave, if they start changing their emails in the office or asking for file permission changes, the system will raise an alert.
“However, when fund managers implement tools such as this, they have to be very clear in their policies that everyone in the firm is being monitored.”
Going forward, individuals are likely to be increasingly monitored, even when working at home, as organisations look to stay one step ahead of technology risk in all its myriad forms.