
Why not think outside the box on cyber security?

Whitepapers | BCyber | August 9, 2020

Background

After the PM’s announcement the other week and the AFR article from 3 July on the dumping of the mygov data on the dark web for sale, it got me thinking about how we as Super Fund Trustees are navigating this new cyber world. Are we doing enough to protect our members’ data? Are we, in LTGEN Morrison’s words, just accepting the current cybersecurity standards when it is clear from recent breaches such as Toll, LION and Fisher & Paykel that we shouldn’t?

The same AFR article went on to say that the 3,600 “MyGov accounts are among a list of more than 150,000 hacked .com.au” logins available for sale. So it only stands to reason that Super Funds with our large FUM, thousands of clients and recent “covid-drawn” runs are prime targets. It seems to me that the “auction” or dumping of the data is the endpoint and not the starting point.

The real question is what are we doing to understand and address a problem that has traditionally been thought of as a technology one, when it is patently clear that it is a business problem?

It’s time for our industry to reassess our cybersecurity posture, and I don’t just mean reviewing the risk matrix so you can “tick a box”. I mean:

Evaluate your perimeter defences – when was the last time you “red teamed”?

Staff are our greatest strength and our greatest weakness – what are you doing to increase their cyber awareness, arming them with enough knowledge to make the right choices and not “click here, there and everywhere”? When was the cyber awareness training last reviewed? The bad guys don’t sit still, and neither should we.

As many staff are still WFH – has your BYOD policy been reviewed, updated, and socialised?

What if the ransomware is already in and starting to deliver its payload (encrypting your data at 6k-10k files per second), and it is too late for your prevention-based security to react? At this point what matters most is that you stop the illegitimate encryption ASAP. Otherwise, there are only two options: (1) pay the ransom, or (2) go through the much more costly process of restoring and rebuilding your IT environment. What is your response plan?

With ransomware extortion on the rise, what plans do you have in place to manage this situation? The dumping of data on the dark web for all and sundry to view is real, and some information never gets “old”, e.g. TFNs and medical records.

We need to be open to innovation and raise our eyes to see what is out there.

Written by: BCyber
