APRA declares cyber-security gaps tolerance ‘by no means | Australian Markets
The Australian Prudential Regulation Authority (APRA) has declared that its tolerance for gaps or weaknesses with respect to cyber security within major financial institutions has never been lower.
In doing so, the regulator has flagged that it will be carrying out a series of prudential reviews into entities’ compliance with new, tougher cyber security requirements, starting with significant financial institutions.
APRA chair John Lonsdale has used an address to the Australian Banking Association (ABA) to point to the recent attacks on major superannuation funds to warn banks that they cannot “afford to be complacent or assume they don’t have similar vulnerabilities”.
In doing so, he pointed to the use of third-party suppliers and the potential for vulnerabilities.
“On cyber risk, one of the most pressing issues is weaknesses in authentication controls, an issue that was highlighted by the credential stuffing attacks on several superannuation funds that emerged in April,” he said. “This issue prompted a heightened focus by APRA on how trustees are managing cyber security, however banks can’t afford to be complacent or assume they don’t have similar vulnerabilities.”
“APRA’s prudential standard on information security, CPS 234, requires entities to have controls commensurate with the threat environment, and this is something all entities must continue to review as the cyber threat environment worsens.”
“On operational risk more broadly, the increasing reliance on third party service providers continues to be a growing vulnerability that entities must manage. Events such as the Crowdstrike outage last year and the more recent targeting of Qantas customer data through a third-party servicing platform show how third-party weaknesses can lead to significant operational risks,” Lonsdale said.
The APRA chairman noted that back in 2019 the regulator had warned that a significant cyber incident impacting banks, insurers or super funds was a matter of ‘when’, not ‘if’.
“With the recent hacking of multiple major superannuation funds, that has indeed come to pass. To date the impact on customers has been relatively limited at an entity and system-level but, amid the ‘perfect storm’ of factors I referred to earlier, entities must continue to be vigilant,” he said.
“With a lot at stake, our tolerance for gaps or weaknesses in how these dangers are being managed has never been lower.
“With CPS 230 now in effect, we will be carrying out a series of prudential reviews into how entities are complying with the new standard, starting with significant financial institutions before extending reviews to non-SFIs.
“On cyber, we see a need for continued focus on baseline resilience across all APRA-regulated industries and will be conducting further reviews to understand how entities are meeting the requirements of CPS 234.”