
Most read
‘Optimistic borrowers’ could endanger housing market, RBA says...
‘Optimistic borrowers’ could endanger housing market, RBA says...

Latest Podcast
Home values up 30% (or are they); NFTs taking the world by storm, and why Keatin...
Home values up 30% (or are they); NFTs taking the world by storm, and why Keatin...

Resources
There is $17.5 billion in lost and unclaimed super across ...
There is $17.5 billion in lost and unclaimed super across ...
Invest
Cyber threats growing in frequency, sophistication
Australian lenders and super funds have not yet suffered significant losses from a cyber attack, but they need to practice “continued vigilance” as attacks increase in frequency and sophistication.

Cyber threats growing in frequency, sophistication
Australian lenders and super funds have not yet suffered significant losses from a cyber attack, but they need to practice “continued vigilance” as attacks increase in frequency and sophistication.

The latest insight from the Australian Prudential Regulation Authority (APRA) has revealed that while Aussie banks, lenders, health insurers and super funds have not suffered significant hits from cyber attacks, they need to be constantly on alert.
“Institutions must recognise there is no ‘finish line’ for cyber risk management, which requires ongoing vigilance, improvement, investment and oversight,” APRA said, revealing that leaking of sensitive data and phishing attacks were major concerns,” the regulator said.
“Organised crime remained industry’s greatest cyber concern. In APRA’s view, entities must consider both external and internal threats, with internal threats able to more easily bypass perimeter and other controls. Vigilance over access management (particularly privileged access) and effective oversight of controls at trusted third parties and offshore locations is essential.”
It highlighted the six most common types of cyber attacks reported by APRA-regulated institutions and called for a “strategic focus on cyber resilience”.
Cyber attacks in which digital services are “overwhelmed” by fake requests, thus blocking legitimate users’ access and the use of ransomware and other malware were the most common attacks.
However, hacking of internet facing platforms in which attackers executed commands to create and delete files, leakage of sensitive data via employees’ external email addresses and phishing attacks also made the list.
“In one instance, online banking credentials used by an entity’s finance department were compromised,” APRA said about the phishing attacks.
“An unknown third party used these credentials to change recipient details for an existing payment, but ‘maker-checker’ controls detected the unauthorised change before payment was made.”
APRA argued that this highlights the importance of customer and staff awareness about cyber safety and the appropriate fraud stop loss controls.
However, the regulator also registered the uptake in cyber insurance policies. Seventy-four per cent of the entities surveyed had a policy while 17 per cent were considering taking up a policy in the coming year.
While some had liability limits in excess of $500 million, most limits tended to stay between $1 million and $100 million.
“Cyber risk management requires ongoing vigilance, improvement, investment and oversight,” APRA continued, warning that no entity can guard itself against “every conceivable threat”.
It called on entities to strengthen or establish preventative and detective measures grounded in intelligence and risk awareness.
“While cyber insurance is useful, it is an evolving area and cannot always redress the reputational and other damage resulting from a high-impact cyber incident,” APRA said.
“Basic cyber hygiene, including a disciplined approach to maintaining the health of information assets, vigilance regarding access management (particularly privileged access) and oversight of controls at trusted third parties, are essential so as not to undermine strategic security investments or unnecessarily increase risk.”
According to a survey by security software company CyberArk, 50 per cent of organisations did not "fully inform" customers of data breaches.
The survey, released in mid-December, also revealed that 53 per cent of Australian respondents do not believe the organisations they use would be "completely prepared for a breach investigation".
Additionally, 41 per cent of respondents said they didn't have a sufficient knowledge on organisations' security policies.
CyberArk regional director, Australia and New Zealand, Matthew Brazier said, “As we’ve seen in incidents at Yahoo!, Uber and more, companies have a tendency to downplay breaches either through complete non-disclosure of events, or by only partially disclosing the extent to which systems and data have been breached.
“If it continues, this approach will have tangible consequences in 2018. The Notifiable Data Breaches legislation comes into force from 22 February 2018, and with it considerable fines for lack of compliance."
The Notifiable Data Breaches scheme includes an obligation for organisations to notify individuals whose data was involved in a data breach, along with fines for compliance failures.
"What’s concerning about CyberArk’s findings is that poor security practices continue to be upheld, despite the increased awareness of cyber security risks and the prevalence of high profile cyber attacks in the headlines," Mr Brazier concluded.

Spending
Energy prices fall – how you can cash in on the $900m saving
Households are being urged to check the price they are paying for electricity after it was revealed that prices across the eastern seaboard have fallen significantly in the back half of 2020, official...Read more

Spending
Aussies choose to shop local in pandemic recovery
Australians are increasingly turning their attention to homegrown businesses and brands as they look to help the country recover from its first economic downturn in nearly three decades, new research ...Read more

Spending
Awareness of BNPL surges as consumers look for alternative credit
Consumer awareness of buy now, pay later services, including AfterPay and Zip, continues to grow as Aussies look for alternative ways to make purchases. ...Read more

Spending
Tap for Uber, share bike in world-first trial
The NSW government has announced that thousands of Sydney commuters will be able to pay for various modes of transportation through their Opal cards, receiving discounts in the process. ...Read more

Spending
‘Ultra-desirable’ Holden Torana up for auction
A piece of Holden motoring history is up for grabs this weekend, with nostalgic investors likely to spend upwards of $200,000 to secure the rare car. ...Read more

Spending
CBA takes on BNPL sector
The big four bank has launched a new buy-now-pay-later service in a bid to take on established players in the lucrative industry. ...Read more

Spending
Alcohol industry did not profit from the pandemic as was predicted
The COVID-19 pandemic was not the win for alcohol distilleries as previously predicted, with widespread fears about soaring alcohol consumption now proven baseless, new research has found. ...Read more

Spending
New car sales soar but EVs are left behind
Despite Australian consumers continuing to purchase new vehicles, EV sales have remained stagnant, new research has revealed. ...Read more

Home values up 30% (or are they); NFTs taking the world by storm, and why Keating thinks Aussies will be ‘poor’ in retirement
Listen now

Raging floods, the tech stock bubble and the ongoing SG debate
Listen now

Meet the Manager with Trilogy’s Philip Ryan: RBA rates and property price growth
Listen now

The continued property boom, ethical investing and engaging with your super fund
Listen now

Spending
Energy prices fall – how you can cash in on the $900m saving
Households are being urged to check the price they are paying for electricity after it was revealed that prices across the eastern seaboard have fallen significantly in the back half of 2020, official...Read more

Spending
Aussies choose to shop local in pandemic recovery
Australians are increasingly turning their attention to homegrown businesses and brands as they look to help the country recover from its first economic downturn in nearly three decades, new research ...Read more

Spending
Awareness of BNPL surges as consumers look for alternative credit
Consumer awareness of buy now, pay later services, including AfterPay and Zip, continues to grow as Aussies look for alternative ways to make purchases. ...Read more

Spending
Tap for Uber, share bike in world-first trial
The NSW government has announced that thousands of Sydney commuters will be able to pay for various modes of transportation through their Opal cards, receiving discounts in the process. ...Read more

Spending
‘Ultra-desirable’ Holden Torana up for auction
A piece of Holden motoring history is up for grabs this weekend, with nostalgic investors likely to spend upwards of $200,000 to secure the rare car. ...Read more

Spending
CBA takes on BNPL sector
The big four bank has launched a new buy-now-pay-later service in a bid to take on established players in the lucrative industry. ...Read more

Spending
Alcohol industry did not profit from the pandemic as was predicted
The COVID-19 pandemic was not the win for alcohol distilleries as previously predicted, with widespread fears about soaring alcohol consumption now proven baseless, new research has found. ...Read more

Spending
New car sales soar but EVs are left behind
Despite Australian consumers continuing to purchase new vehicles, EV sales have remained stagnant, new research has revealed. ...Read more