
Super funds beef up tech security amid tighter APRA checks – Investment Magazine


Super funds have tightened security controls and surveillance systems to protect members’ data against breaches, amid tighter scrutiny by the financial regulator after last year’s cyber attacks on Optus and Medibank resulted in the theft of customer data.

APRA has prioritised cyber resilience among banks, insurers and super funds as a key area of supervision this year. “Operational resilience, including cyber preparedness, continues to grow in importance as a supervisory priority, with the significant data breaches at Optus and Medibank late last year underscoring just why,” APRA chair John Lonsdale said. The regulator has had recent discussions with super fund trustees on this risk.  


“Cyber security is a key priority. This is an area we’re constantly evolving in line with the threat landscape, particularly in relation to identity management,” TelstraSuper chief executive Chris Davies tells Investment Magazine.

“Following widespread cyberattacks in the community, we are currently implementing additional measures to help protect and safeguard accounts.” 

These extra safeguards include performing additional security and verification checks when members transact on their accounts, requesting additional security verification details from members when they call the fund and providing members with the option to add additional security questions to their account when they call.  

As a result of the Optus and Medibank attacks, Australian Retirement Trust brought forward the regular penetration test of its network perimeter to probe for vulnerabilities, says chief technology officer Rod Greenaway.


“We are [moving forward with]… continued awareness campaigns with our team members, our incident response plans and prioritising investment in our digital fraud prevention technologies, with a focus on detection and response in the event of suspicious activity.”  


ART has imposed two-factor authentication, access controls, firewalls, virus scanning, encryption and regular security training for staff, as well as increased security measures for members such as password protection and additional checks for withdrawal activity.

Increased investment 

The funds Investment Magazine spoke to said they were investing in technology security. Though all declined to give dollar figures, UniSuper said its budget grew by 30 per cent this year.  


UniSuper has a 25-person technology security team, and its security operations are outsourced to a third-party provider on a 24/7 basis. It has deployed multi-layered controls to protect sensitive information and increased member awareness through bulletins and call centres.

UniSuper head of information security Vijay Krishnan says the biggest change since last year has been the increased focus from the board and senior management, which has resulted in more information sharing on how the fund is managing the increased risk.


AMP has similarly introduced extra security controls to verify identity, along with frequent review of security logs to detect and block suspicious activity on member accounts, according to AMP chief technology officer Felicia Trewin.

“Protecting our customers and members from cyber risks is a major focus for AMP and an area where we continue to invest to ensure best practice,” she says.  

AMP also works with the Australian Cyber Security Centre, law enforcement and threat intelligence organisations.  

 Reputational risk 

Spirit Super reported some 50,000 members were hit by a data breach last May due to a phishing attack, underscoring how vulnerable super funds are to cyber attacks and reputational risk.  


“We need to safeguard our members’ data as any misuse may impact them for life. Any breach is just not about the loss of money but the loss of reputation,” UniSuper’s Krishnan says.


As the competition for member growth intensifies, reputation is critical for funds to raise their profiles, says Michael Swinsburg, managing partner – Australia at executive search firm Alexander Hughes, who advises wealth managers and super funds on senior executive recruitment, including chief technology officer roles.

“No one wants to be a news headline for a cyber breach like Medibank. This would be more damaging to member confidence and fund reputation than poor performance on the YFYS benchmark test,” he says.     

The breaches at Optus and Medibank are only a fraction of the security attacks reported. UniSuper encounters billions of attempts on its systems through automatic bots looking for vulnerabilities, according to Krishnan, highlighting the enormity of the issue.

 “The breaches at Optus and Medibank are only the tip of the iceberg. There would be security events happening almost every day,” he says.  

 


