The world of cyber crime is constantly evolving, and attackers consistently seek the most lucrative targets. Recently, several Australian superannuation funds have become the focus of these malicious activities, highlighting the significant risk the industry faces. News reports indicate that AustralianSuper, the nation’s largest retirement fund, along with Rest, Hostplus, Insignia and Australian Retirement Trust, have all been targeted. In one instance, AustralianSuper members reportedly lost a combined total of around $500,000. This incident is a stark reminder of why super funds are such a prime target for cyber criminals: they hold vast sums of money.
Following the Money
Cyber attackers, much like traditional criminals, are usually motivated by financial gain. Superannuation funds, by their very nature, manage enormous pools of capital, making them an extremely attractive prize. These funds hold the collective retirement savings of millions of individuals, so the potential payout from a successful attack is substantial. Even the theft of a tiny fraction of these funds can cause significant financial damage, as the losses already incurred show.
The Appeal of Super Funds
Several factors contribute to the attractiveness of super funds as targets:
- Large Asset Holdings: As mentioned, the sheer amount of money held by these funds is a major draw.
- Sensitive Data: Super funds also hold a wealth of sensitive personal and financial data on their members. This information is valuable to cyber criminals for identity theft, fraud or extortion, as the Medibank breach demonstrated.
- Complex Systems: The IT infrastructure of super funds is often large and complex, spanning many systems and integrations, and every additional component is a potential weakness for attackers to exploit.
The Broader Context
The attacks on Australian super funds are not isolated incidents. As Prime Minister Anthony Albanese noted, Australia faces a significant number of cyber attacks every day. This highlights the pervasive nature of cyber threats in today’s digital age and the need for constant vigilance across all sectors, particularly those that manage large sums of money.
What Can Be Done?
The security of superannuation funds and the savings of their members must be a top priority. Robust cybersecurity measures are essential to protect against these evolving threats.
- Minimum Essential Security: At a minimum, to protect against common attacks, implement the following foundational security measures:
  - Cyber security training for all staff
  - Two-factor authentication (2FA) for all staff
  - Phishing protection software (e.g., XSurfLog)
  - Penetration testing
  - Data encryption
  - Advanced malware protection
  - Incident response planning
- Monthly Cyber Security Improvement: To stay ahead of evolving threats, a program of continuous improvement is essential. Vertex Cyber Security works with organisations to implement “bite-sized” monthly security enhancements.
- ISO 27001 Implementation: Implementing ISO 27001, with Vertex Cyber Security’s guidance, provides a framework for managing information security risks and demonstrates a commitment to best practice.
- APRA CPS 234 Compliance: Superannuation funds must also ensure compliance with APRA CPS 234, the prudential standard that sets out requirements for managing information security risk.
By prioritising these measures, superannuation funds can significantly strengthen their defences against cyber attacks.
Vertex helps many businesses implement the options above and select the cyber protections appropriate for their business. If you would like to discuss how the Vertex Cyber Experts can make a difference to your protection, reach out for a chat.
Note: none of Vertex Cyber Security’s clients were impacted in these attacks.