Phishing attacks biggest cybersecurity threat

25 May 2021
| By Chris Dastoor |
image
image
expand image

Business email compromise (BEC), otherwise known as “phishing” attacks, is the most common and most serious cybersecurity issue for superannuation funds, according to a whitepaper from financial services technology provider SS&C Technologies. 

“The most valuable commodity on the dark web is sensitive, confidential client data, what security experts call personally identifiable information or PII,” the whitepaper said. 

“In the PwC 2018 Global State of Information Security survey for Mainland China and Hong Kong, customer records were the most commonly acknowledged target of security infractions.  

“Superannuation funds also hold valuable trade secrets, such as proprietary research or trading algorithms, which could cause serious financial and reputational damage if compromised. 

“And of course, there are the fund assets themselves – sophisticated thieves are not merely after data, but are employing nefarious means to steal money from funds, the financial gain is among the top motivators for a cyber-attack. 

“Apart from these direct risks, Superannuation funds also face regulatory pressure to make sure they have security controls and incident response plans in place.” 

The whitepaper said in early 2019, an email began circulating among fund firms that appeared to be from a legitimate researcher. 

“It referred to rumours that the European Securities and Market Authority was considering suspending short selling under Brexit, and offered a briefing document on the topic,” the whitepaper said. 

“When recipients clicked on the link to obtain the briefing, they were greeted with a blank page, raising suspicions that the email was planting malware in the firms’ systems. 

“Those fears were exacerbated when the purported attacker boasted about having compromised several firms in an online forum, and threatened more.” 

Anthony Caiafa, SS&C chief technology officer, said the company had invested heavily in security measures. 

“Including the deployment of a global Security Information and Event Management (SIEM) system to gather threat intelligence from a variety of sources and correlate it with our systems internally to ensure we have a secured environment,” Caiafa said. 

“We have also partnered with an industry leading provider of email protection solutions to flag and block suspicious emails and spam. 

“Whether this “phishing” attempt was an actual cyber-attack or an elaborate hoax, as some suspect, it nonetheless underscored the vulnerability of funds to cyber threats.” 

Read more about:

AUTHOR

Recommended for you

sub-bgsidebar subscription

Never miss the latest developments in Super Review! Anytime, Anywhere!

Grant Banner

From my perspective, 40- 50% of people are likely going to be deeply unhappy about how long they actually live. ...

11 months ago
Kevin Gorman

Super director remuneration ...

11 months 1 week ago
Anthony Asher

No doubt true, but most of it is still because over 45’s have been upgrading their houses with 30 year mortgages. Money ...

11 months 1 week ago

Jim Chalmers has defended changes to the Future Fund’s mandate, referring to himself as a “big supporter” of the sovereign wealth fund, amid fierce opposition from the Co...

1 day 3 hours ago

Demand from institutional investors was the main driver of growth in Australia’s responsible investment (RI) market in 2023, as the industry continued to gain momentum....

1 day 3 hours ago

In a new review of the country’s largest fund, a research house says it’s well placed to deliver attractive returns despite challenges....

1 day 4 hours ago