APRA received 36 infosec breach notifications from financial services boards

November 8, 2019

The Australian Prudential Regulation Authority (APRA) has received 36 incident notifications from boards of financial services firms in the four months since its new security reporting standard came into play.

The CPS-234 Information Security standard requires boards of APRA-regulated entities to be responsible for ensuring that the entity maintains its information security.

Under the requirement, regulated entities are to notify APRA as soon as possible and, in any case, no later than 72 hours after they become aware of an information security incident.

APRA executive board member Geoff Summerhayes told the Cyber Breach Simulation Australia (CyBSA 2019) conference in Sydney on Thursday that the requirement has already helped to provide APRA with additional insights into the scale and nature of the threats faced by regulated entities.

Of the 36 notifications, Summerhayes said many were data breaches involving the disclosure of personal information as a result of human error, such as accidental disclosure where an employee emailed a spreadsheet containing customer information externally.

“Others, more ominously, involved a compromise of staff or customer credentials resulting in the unauthorised manipulation of records, website defacement, and fraud,” he said, later calling them “relatively minor”.

“It’s important to note that APRA’s regulated flock would have been subject to vastly more attempted cyberattacks. These are just the ones that succeeded — and that we know about.”

Summerhayes said the number of incidents is not a cause for undue alarm, however, given there is a reporting population of almost 600 entities.

He said the financial sector broadly handles infosec incidents well, but that APRA has also observed areas of common weakness, many of which the regulator has called out repeatedly.

“For example, we have identified basic cyber hygiene as an ongoing area of concern. This includes having systems for which the vendor is no longer providing support or security updates,” he explained.

“The lack of a comprehensive security patching regime and poor access management practices are also common. Some institutions still haven’t developed a complete inventory of their information assets within their IT real estate or put in place effective oversight where part of that real estate is managed by third parties.”

This includes both cloud-based services and traditional support arrangements, all captured by CPS-234.

Under the new directive, an APRA-regulated entity must clearly define the information security-related roles and responsibilities of the board, senior management, governing bodies, and individuals.

It must also keep and maintain a log that details the size and extent of threats to its information assets, as well as implement controls to protect its information assets log and undertake “systematic testing and assurance regarding the effectiveness of those controls”.

Additionally, the entity must notify APRA of “material” information security incidents.

“You cannot secure what you don’t understand and you are only as strong as your weakest link,” Summerhayes said. “In short, there is room for improvement in the industry.”

APRA’s role, Summerhayes said, is to ensure regulated institutions are resilient to cyberattacks through prevention, detection, and response capabilities. He said the regulator will be increasingly challenging entities in this area through the use of data-driven insights to “prioritise and tailor supervisory activities”.

“In the longer term, we’ll use this information to inform baseline metrics against which APRA regulated institutions will be benchmarked and held to account for maintaining their cyber defences,” he said. “We’ve set the floor with CPS-234 and will be enforcing these legally-binding minimum standards in a ‘constructively tough’ manner.”

Internally, Summerhayes said APRA is also bolstering its ability to assess the cyber resilience of the institutions it regulates by improving its own capabilities, turning to third parties where necessary.

APRA also announced on Thursday that it would be undertaking a multi-year project to upgrade the “breadth, depth, and quality” of its superannuation data collection.

APRA’s Superannuation Data Transformation aims to drive better industry practices and improve member outcomes by significantly enhancing the comparability and consistency of reported data, the discussion paper says.

It is expected the project will make it easier to scrutinise and reliably compare fund and product performance, especially in the choice segment of the market.

APRA said it intends to use this improved data to inform its own prudential activities, gain deeper insight into fund operations, and strengthen its oversight of the industry.

Credit: ZDNet
