Major institutional investors are waking up to the growing threat of attacks by hackers as a fundamental risk to their organisations.

The likes of Australia's Future Fund, the New Zealand Superannuation Fund and China Investment Corporation have set out to AsianInvestor how they are fighting back. But other institutions are more coy on their plans—a sign, perhaps, that they haven't yet gone far enough to build their defences.

AsianInvestor spoke to Musheer Ahmed of the Hong Kong FinTech Association to gather thoughts on the severity of the threat, and what institutions can do to fight back. 

Q  What are the most dangerous forms of cyber-attack that institutional investors are susceptible to?

When it comes to Institutional investors, Phishing, DDoS, and Ransomware are quite dangerous.  They not only cause monetary damage, but in the case of DDoS and Ransomware, they lead to disruption in services and damage to reputation 

Q  Do asset owners, in your experience, generally appreciate the risk, or are they leaving themselves open to attack unnecessarily?

They are quite aware of the risks and do appreciate the potential damage. It’s more a question of how sophisticated their defenses against cyber-attacks are, considering the rapidly evolving nature of malware and hacks.

Q  What can they do to protect their assets and data from attack?

Prevention and constant monitoring of their systems is the key. Having a rapid response plan in place and doing tests after changes in software and systems is important to minimise the impact of any attacks. Additionally, ensuring data encryption and multi-level authentication can help them better protect their data. Educating staff to ensure there is a good level of cyber risk awareness can be a significant benefit to organisations, as many cyber-attacks are initiated following a mistake made by an ill-informed employee.

Q  Is it becoming harder to defend against cyber? 

Hackers and cybercriminals are constantly on the lookout for vulnerabilities. Many attacks have their roots in low level intrusions and snooping of systems through cookies and spyware. With the development of artificial intelligence and the establishment of dynamic botnets, it is much harder to have strong defences against all attacks. Successful defence strategies now need both IT and business to work together. 

Q  What role can government and regulators play in fighting cyber-crime?

Besides having guidelines for cyber security, it is important that governments and regulators help firms to collaboratively combat the threats and to have best practices in place for IT teams to implement on cybersecurity. Governments also need to ensure that universities have courses focused on cyber security to help address the acute shortage of qualified cyber security professionals in Asia.