Three British asset management firms were recent victims of an elaborate cyber attack that fraudulently induced them to wire $1.3 million, of which nearly $700,000 was never recouped. The hackers used cultural engineering through multiple phishing campaigns spanning several months to exfiltrate credentials, mimic a fake investment in a startup and redirect communications in real time to trigger the wire transfer. The recent rise of highly sophisticated cultural engineering attacks against fund managers has raised concerns in the industry, including prompting the SEC to issue a recent risk alert on the topic. To attain a clearer understanding of cultural engineering attacks and how to prevent them, the Hedge Fund Law Report interviewed Mark Sangster, vice president and industry security strategist at eSentire Inc. This article explores how cultural engineering is a sophisticated outgrowth of social engineering attacks, provides examples of attacks against fund managers, describes why the private funds industry is uniquely vulnerable to those attacks, details measures managers can take to prevent attacks from occurring and proposes ways to mitigate the harm from an attack. See “Six Ways For Fund Managers to Prepare for the SEC’s Focus on Cybersecurity and Resiliency
” (Apr. 30, 2020).