POWERED BY MOMENTUM MEDIA
APRA warns on firms’ cyber security protections
The Australian Prudential Regulation Authority (APRA) has written to its regulated entities to reinforce the importance of multifactor authentication to protect sensitive data from cyber attacks.
Earlier this year, NGS Super was subject to a cyber attack that resulted in limited data being retrieved from its systems and the regulator wanted to ensure all entities were suitably protected.
In an open letter, Alison Bliss, general manager for operational resilience, cross industry division, told APRA-regulated entities that it was a “material security control weakness” if firms failed to comply.
“The recent spate of high-profile cyber attacks in Australia are a timely reminder to APRA-regulated entities to remain vigilant and to continue to take steps to reduce the likelihood and impact of cyber attacks,” Bliss said.
“Multifactor authentication (MFA) is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information.”
She recommended MFA to include:
- User IDs and passwords/credentials
- A security token, phone, or other devices in the person’s possession used for the generation of a one-time password or code
- Retinal scans, hand scans, voice scans, or other biometrics
The letter had been prompted by APRA’s supervisory activity noting there were ‘gaps in its implementation’.
“APRA has noted examples where MFA for customers has been deployed on an opt-in basis, or where exceptions have been granted for customers without mobile phones or located in areas without reliable phone reception. Other examples include remote access being provided for third-party staff without associated MFA,” Bliss said.
“APRA expects APRA-regulated entities to review the coverage of MFA in their operating and technology environments. Where gaps in the coverage of MFA have the potential to materially affect, financially or non-financially, the entity or the interests of depositors, policyholders, beneficiaries or other customers, APRA would consider this to be a material security control weakness, and under paragraph 36 of CPS 234 require an entity to notify APRA.”
AUTHOR
Laura Dew
Laura Dew is editor at Super Review. Prior to joining SR, she spent five years working at Investment Week in the UK covering asset and wealth management.
Recommended for you
Jim Chalmers has defended changes to the Future Fund’s mandate, referring to himself as a “big supporter” of the sovereign wealth fund, amid fierce opposition from the Coalition, which has pledged to reverse any changes if it wins next year’s election.
In a new review of the country’s largest fund, a research house says it’s well placed to deliver attractive returns despite challenges.
Chant West analysis suggests super could be well placed to deliver a double-digit result by the end of the calendar year.
Specific valuation decisions made by the $88 billion fund at the beginning of the pandemic were “not adequate for the deteriorating market conditions”, according to the prudential regulator.
TOP PERFORMING FUNDS
ACS FIXED INT - AUSTRALIA/GLOBAL BOND
Fund name
3y(%)pa
1
Spire Oaktree Opportunities XI Second Close
61.07 3 y p.a(%)
2
Spire Oaktree Opportunities XI First Close USD
59.21 3 y p.a(%)
3
DomaCom Lot 21 Chellaston Road Munno Para West SA 5115 Australia
31.56 3 y p.a(%)
4
Fidante Credit Suisse Global Private Equity
31.06 3 y p.a(%)
5
DomaCom 4/27 Crombie Avenue Bundall QLD 4217 Australia
26.81 3 y p.a(%)
