

The Most Important Technological Evolution for Open Banking: Frollo

The Optus breach, in which the personal information of nearly 10 million customers was stolen, has shed light on the safety and security of the banking and financial sector.

The federal government is now amending the Telecommunications Regulations 2021. This will allow telecommunications companies to temporarily share approved government identifier information with regulated financial services institutions to protect customer information.

In a world where digitization and information sharing are becoming more and more commonplace, the latest data breach has put banking associations, consumer watchdogs, and other stakeholders on high alert and has left many consumers without information. Warning notices have been issued and regulations tightened to protect internal controls.

The challenge for banks and other organizations is how to balance the need for information while assuring customers that their data is secure.

One of the major technological breakthroughs gaining momentum is open banking. It aims to make the mortgage process more efficient and transparent through information sharing and access.

In October 2021, the government confirmed amendments to the Consumer Data Rights (CDR). This is an important part of bringing Open Banking together, formalizing the ability for consumers to share data with their “trusted advisors” such as mortgage brokers, financial advisors, accountants, tax accountants or financial counselors.

However, the Optus breach raises the question of how safe and secure open banking is.

Simon Docherty, Chief Customer Officer of Frollo, an Australian government-accredited data recipient for open banking services, said CDR was built with the consumer in mind using the best technology of the time.

However, Mr. Docherty added that, as with all technology, it is important to be “evolving” all the time.

“The government has made it mandatory for all banks to make consumer data available. , or a secure backend framework.

There are two APIs, one for banks and one for registered data recipients (Frollo in this case). Data from the bank’s API is transferred to Frollo’s API and is available to the “trusted advisor” for a period of time.

Docherty said consumers first need to identify what level of information they want to access.

“They go through a defined consent process … they agree when they provide data … they agree on the types of accounts they want to be granted access to and they know what the data will be used for,” Docherty said.

“Sometimes we only need that data for 24 hours, so after 24 hours, the recipient of the data should delete it after that period.”

He added that consumers may want access to that data for longer periods, such as three months. If so, a dashboard is now available where trusted advisors can review the data.

Trusted advisors have access to this data, but Docherty explained that the “raw data” is never transferred; instead, advisors have access to reports downloaded by brokers.

So the way they store those reports falls under the same security responsibility they have for all consumer data.

ASIC Needs A Good Cyber Security System

In fact, how brokers manage and protect their data is becoming more and more important.

A precedent has recently been set by a landmark federal court ruling against Australian Financial Services (AFS) licensee RI Advice, which was found to lack adequate risk management systems after several cyberattacks.

These attacks could have compromised the confidential information of thousands of clients and other individuals.

The Australian Securities and Investments Commission (ASIC) said it is essential for all entities, including licensees, to have appropriate cybersecurity systems in place to protect against unauthorized access.

ASIC said:

Apart from the recent Optus attack, the Australian Cyber Security Centre (ACSC) received over 67,500 cybercrime reports in the year to 30 June 2021, a nearly 13% year-on-year increase.

Large-scale, organized cybercrime poses a growing threat to Australian banks. The S&P Global Ratings team has warned that cyberattacks on Australian banks could destabilize the country’s financial system given the sector’s interconnectedness. Incidence remains low.

The S&P Global report on banking cybersecurity says lenders with weak cyber and non-financial risk governance are most vulnerable, and that large-scale attacks “could severely damage a country’s banking system”. It added that local banks were most at risk.

“Attacks are on the rise in Australia,” said Nico DeLange, an analyst at S&P Global Ratings and author of the report, warning that banks are attractive targets.

“Many banks participate in direct payments, and a successful attack on one lender could impact the country’s system,” said DeLange.

He explained that the financial system is “tightly interconnected”, which increases risks.

“There will be more potential risks as smaller banks gain access,” he said, adding that attacks on third-party service providers could also “paralyze banking operations.”

“Many smaller banks rely on the same content delivery networks (e.g. Akamai, which experienced a major outage in 2021), cloud-based service providers (such as AWS), or software-as-a-service providers in their core banking systems (e.g. Temenos or Data Actions), which is particularly relevant for smaller regional banks.”

Highly Regulated Banks

APRA warns that banks also need to strengthen their ability to monitor cyber resilience.

In July 2019, the Australian Prudential Regulation Authority (APRA) issued an Information Security Prudential Standard to help the industry prepare and build a cyber risk management framework, and by 2021 it had issued a notice advising all banks to start preparing for an Information Security Tripartite review.

All Australian businesses, including banks, are required to notify the government-run ACSC of cyber incidents of significant or related impact. However, non-bank financial institutions are less heavily regulated.

DeLange warned that nonbanks may be “lagging behind their regulated peers in developing cyber defenses.”

However, he added that they had observed some banking and non-banking cyber risks and found they had a “sound approach to cyber risk management.”


Mortgage business

Last updated: October 7, 2022

Publication date: October 10, 2022