ASIC sounds warning on hacking

Cyber attacks are increasingly threatening not only individual companies but the wider financial system, with ASIC calling for financial institutions to more rigorously protect their online operations.

Last week, the corporate regulator released a report urging the financial services industry to reassess its approach to managing its exposure to cyber attacks and their aftermath.

With a major focus on cyber resilience, Cyber resilience: Health Check outlines a number of ‘health check prompts’ devised to enable organisations to review the strength of their cyber attack preparation, response and recovery plans.

The health check prompts are designed to stimulate consideration of the breadth and depth of cyber resilience required to ensure a strong recovery from attack, particularly where financial consumers and investors are involved.

ASIC Chairman Greg Medcraft says: “Cyber attacks are a major risk for ASIC’s regulated population and that means cyber resilience is an area of ASIC focus.

“The electronic linkages within the financial system mean the impact of a cyber attack can spread quickly – potentially affecting the integrity and efficiency of global markets, and trust and confidence in the financial system.”

The report comes as an attempt to broaden the current focus on protection against attacks to a more extensive consideration of the full implications of an attack and how best to adapt.

The health check prompts aim to cover not only identification of risks and appropriate protection from cyber attack, but also detection, response and recovery methods and management.

ASIC encourages businesses to consider following the United States’ NIST Cybersecurity Framework when devising a risk management plan, “particularly where their exposure to a cyber attack may have a significant impact on financial consumers and investors or market integrity,” Medcraft says.

With the increased threat of cyber attack, the report urges ASIC’s regulated populations to address cyber attack risks as an integral part of their legal and compliance obligations.
