Brokers and the broader financial services industry have been urged to embed cybersecurity measures and a crisis management team long before an attack occurs.
Major General (Retired) Dr Marcus Thompson, former head of the MoD’s Information Warfare Division, alerted brokers to threats of cyberattacks and urged them to implement remediation and defense mechanisms before they fall prey to cybercriminals.
“The time to think about an answer is long before an answer is required,” Dr. Thompson told Mortgage Business sister brand The Adviser.
“Once an incident happens, it’s too late to think about it.”
Dr Thompson’s warnings followed multiple incidents of malicious cyberattacks in the financial services sector, with studies revealing last year that the industry suffered the highest number of data breaches between January and July 2021.
Home buyers were also targeted by scammers and lost hundreds of thousands of dollars.
These sustained attacks and scams (which have intensified during the COVID-19 crisis) led Connective to urge brokers to strengthen their cybersecurity posture to protect their businesses, but lamented that this issue had been taken off their priority list.
Dr. Thompson and Phil Tarrant, director of defense, security and aerospace at Momentum Media (parent company of The Adviser), will discuss these questions at the Better Business Summit 2022 and examine why brokers have a big target on their backs as they increasingly operate in a digital environment, and how they could create cyber-resilient brokerages.
Dr Thompson said that brokers and the wider financial services industry are vulnerable to cybercriminal activity because they have access to their customers’ sensitive financial information and digital systems that connect to financial institutions and other payment mechanisms.
Dr Thompson described the cybersecurity threats facing Australian businesses in a Seamless Cybersecurity Podcast hosted by Momentum Media’s cybersecurity brand Cyber Security Connect, and reported that the threat had escalated following Russia’s “invasion” of Ukraine.
Scott Morrison recently warned that companies could be targeted by Russian cybercriminals in retaliation for Australia imposing a range of measures against the country, including economic sanctions.
Dr. Thompson cautioned companies against complacency and suggested they patch their systems and update their hardware, software and security measures.
The 3-pronged defense system
Noting that some companies have used measures more vigorously than others, Dr. Thompson advised brokers to implement three types of cybersecurity protections.
The first is self-defense, which would involve providing education to raise employee awareness and instilling a culture of caution.
“Don’t be the person who clicks on links in the phishing email or posts information on social media that a professional cybercriminal could use to target your brokerage in a social engineering phishing attack,” he declared.
The second is passive defense, where system administrators assess how well companies are complying with mitigation strategies developed by the Australian Signals Directorate (ASD) and the Australian Cyber Security Center (ACSC), which aim to prevent adversaries from compromising systems.
Known as the “Essential Eight,” these strategies include:
- Application Control
- Patch applications
- Configure Microsoft Office macro settings
- User Application Hardening
- Restrict administrative privileges
- Patch operating systems
- Multi-factor authentication
- Regular backups
The third is an active strategy in which professional cybersecurity managers sit inside systems and actively detect, contain, and remediate threats to a company’s system.
Keep up to date with the law
In addition, it is crucial to be up to date on legislation, in particular the Critical Infrastructure Security Act 2018, which manages the complex and evolving national security risks of sabotage, espionage and coercion posed by foreign involvement in Australia’s critical infrastructure.
It applies to 22 asset classes in 11 sectors, including financial services and markets.
“This legislation has reclassified critical infrastructure within our economy, so there will be obligations for all companies in these sectors to consider not only the cybersecurity of their organization but also their product or service offering,” said Dr Thompson.
The New South Wales government established a new identity support unit, IDSupport NSW, last year to minimize the risks associated with identity theft, to prevent identity theft and to provide a single point of contact support service for citizens.
In 2020, the New South Wales government allocated a record $240 million to build internal cybersecurity capacity, created a regional cybersecurity center in Bathurst, led the work of a task force on industry standards and introduced targets for SMEs on information and communication technology (ICT) spending across government.
Dr. Thompson will dive deeper into the legislative environment at the summit, present a conceptual framework for the cybersecurity review, and answer questions from brokers regarding their technical support during his session.
The Better Business Summit 2022 will be held at the following locations:
- Brisbane, April 28, 2022 at Sofitel Brisbane Central
- Sydney, May 5, 2022 at the Australian Turf Club, Royal Randwick Racecourse
- Adelaide, May 12, 2022 at the Adelaide Convention Center
- Perth, May 19, 2022 at Crown Towers
- Melbourne, June 2, 2022 at Crown Towers
To learn more about how brokerages could strengthen their cybersecurity measures, see the December 2021/January 2022 edition of The Adviser magazine.
Malavika Santhebennur is the Mortgage Headlines Editor at Momentum Media.
Prior to joining the team in 2019, Malavika held positions at Money Management and Benchmark Media. She has been writing about financial services for six years.