Powered by MOMENTUM MEDIA
Powered by momentummedia
nestegg logo

ROOT

Australia’s banks may be more vulnerable to cyber attacks than you think

  • October 22 2021
  • Share

ROOT

Australia’s banks may be more vulnerable to cyber attacks than you think

By Fergus Halliday
October 22 2021

Australia’s banks are increasing their investments in cyber security, but research suggests that many financial institutions continue to overlook the basics.

Australia’s banks may be more vulnerable to cyber attacks than you think

author image
  • October 22 2021
  • Share

Australia’s banks are increasing their investments in cyber security, but research suggests that many financial institutions continue to overlook the basics.

cyber attacks

An analysis by cyber-security company Proofpoint has concluded that significant swathes of Australia’s financial sector may be wide open to even basic cyber attacks.

Pointing to a recent warning by the Reserve Bank of Australia (RBA) that future cyber threats are inevitable, Proofpoint ANZ area vice-president Crispin Kerr warned that such attacks have the potential to upset the broader balance of power within Australia’s financial sector.

“As highlighted by the RBA in its latest Financial Stability Report, risks from cyber attacks are on the rise and, given the potential network effects, they are also a growing risk for financial stability,” Mr Kerr said.

Advertisement
Advertisement

According to Proofpoint’s data, 44 per cent of APRA-registered, Australian-owned authorised deposit-taking institutions (ADIs) had no domain-based message authentication, reporting and conformance (DMARC) record in place.

cyber attacks

DMARC is a common email validation protocol used to prevent domain names from being misused, as it authenticates the senders’ identity before delivering any messages.

Proofpoint concluded that this leaves the remaining 56 per cent particularly vulnerable to email fraud and domain impersonation threats.

Mr Kerr insisted that DMARC remains the only sure way to eliminate domain spoofing.

“Those financial services organisations that have the strictest level of DMARC implemented will achieve higher success rates in blocking malicious threats and stopping fraudsters from impersonating their brands, potentially saving these financial institutions millions of dollars in the process,” he predicted.

Of the Australian ADIs that Proofpoint said had a DMARC record, less than 10 per cent were fully compliant.

Mr Kerr said that this was concerning, as email continues to be the weapon of choice for financially minded cyber criminals.

“Threat actors typically conduct attacks via email by impersonating trusted brands such as banks using the correct logos, format, and wording, mimicking communications to customers, partners and suppliers that might be expected from that organisation,” he explained.

Forward this article to a friend. Follow us on Linkedin. Join us on Facebook. Find us on X for the latest updates
Rate the article

About the author

author image

Fergus is a journalist for Momentum Media's nestegg and Smart Property Investment. He likes to write about money, markets, how innovation is changing the financial landscape and how younger consumers can achieve their goals in unpredictable times. 

About the author

author image
Fergus Halliday

Fergus is a journalist for Momentum Media's nestegg and Smart Property Investment. He likes to write about money, markets, how innovation is changing the financial landscape and how younger consumers can achieve their goals in unpredictable times. 

more on this topic

more on this topic

More articles