A coordinated cyber attack on Australia’s superannuation industry last week resulted in the theft of $500,000 from member accounts and the compromise of sensitive member data.
While the majority of attack attempts were stopped, the cyber defences of major superannuation funds, including Rest, HostPlus, AustralianSuper, Insignia Financial, and Australian Retirement Trust, were significantly tested during the attack.
AustralianSuper, which has more than 3.4 million members, confirmed that four of its members had a collective $500,000 taken from their accounts while 600 member passwords were also compromised. Rest said 8000 accounts may have had personal information accessed, but no funds were transferred, while Insignia Financial said about 100 accounts had been targeted, but no financial impact to customers had been detected.
As funds rush to reassure members and work with government agencies, this attack also highlights the vulnerability of digital systems in the sector and the pressing need for enhanced security measures.
Challenges and opportunities: A vital industry under pressure
The Australian superannuation industry manages nearly $4 trillion AUD in retirement assets, with these funds often held securely under global asset custodianship by institutions like JP Morgan, Citigroup, State Street, and BNP Paribas.
Despite this secure custodianship, the industry is under immense pressure, with the landscape increasingly being shaped by technology. There is an unprecedented focus on enhancing members’ retirement outcomes through digital transformation – including simplifying services, offering digital advice and providing data-driven personalised experiences. Millennials and Gen-Z in particular are demanding high-quality, seamless digital and online experiences from super funds and are willing to switch funds if their expectations are not met.
With the vast amount of money managed by funds and an increased reliance on digital platforms, super funds are a significant target for cyber threats.
Protecting superannuation assets from cyber threats now and in the future
To safeguard the integrity of the superannuation system and protect its assets from such threats, super funds need to consider the following strategies:
- Multi-Factor Authentication (MFA): Implement MFA across all platforms to add extra layers of security beyond just passwords. This can involve requiring uniquely generated codes or biometric authentication.
- Regular security audits: Conduct regular audits to identify and address vulnerabilities in systems. This proactive approach can prevent potential breaches.
- Member education: Provide clear guidance to members on how to protect themselves online. This includes using unique passwords, keeping software up-to-date, and being cautious with links and attachments.
- Industry collaboration: Encourage collaboration among superannuation funds, government agencies, and cybersecurity experts to share knowledge and best practices. This collective effort can strengthen defences against coordinated cyber-attacks.
- Strengthen cybersecurity frameworks: Support initiatives like the ASFA Financial Crime Protection Initiative (FCPI) to develop sector-wide cybersecurity frameworks and tools for managing threats effectively.
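The MFA item above mentions "uniquely generated codes". The example below is added here to show how such time-based one-time codes (TOTP, RFC 6238) are generated and, more importantly, verified on the server side; it is not code from the original article or from any of the funds named. It uses only the Python standard library, the RFC's published test secret, and a hypothetical `TotpVerifier` class whose replay check is the security-relevant part: a code that has already been accepted for a user is refused if it is presented again inside its validity window.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamically truncated to a 31-bit integer, reduced to `digits` digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time // step."""
    return hotp(secret, int(at_time) // step, digits)


class TotpVerifier:
    """Hypothetical server-side verifier (assumption, not a library API).

    Accepts codes from a small clock-skew window and records the highest
    counter already accepted per user, so a code captured from a member
    (phishing, malware, shoulder-surfing) cannot be replayed while it is
    still within the window (RFC 6238 section 5.2)."""

    def __init__(self, step: int = 30, digits: int = 6, window: int = 1):
        self.step = step
        self.digits = digits
        self.window = window
        self._last_counter: dict = {}  # user -> highest counter already accepted

    def verify(self, user: str, secret: bytes, code: str, at_time=None) -> bool:
        if at_time is None:
            at_time = time.time()
        if len(code) != self.digits or not code.isdigit():
            return False
        counter = int(at_time) // self.step
        for delta in range(-self.window, self.window + 1):
            candidate = counter + delta
            if candidate <= self._last_counter.get(user, -1):
                continue  # already used (or older): refuse replay
            expected = hotp(secret, candidate, self.digits)
            # constant-time comparison so timing does not leak digit matches
            if hmac.compare_digest(expected, code):
                self._last_counter[user] = candidate
                return True
        return False


if __name__ == "__main__":
    # RFC 6238 Appendix B test secret (ASCII "12345678901234567890")
    secret = b"12345678901234567890"
    verifier = TotpVerifier()
    print(totp(secret, 59))  # 287082 (RFC 6238 vector, 6-digit form)
    print(verifier.verify("member-1", secret, "287082", at_time=59))  # True
    print(verifier.verify("member-1", secret, "287082", at_time=59))  # False: replay refused
```

In a real deployment the per-member secret is provisioned as a base32 string in an authenticator app and stored encrypted at rest, the `_last_counter` map lives in a shared store rather than process memory, and repeated failures are rate-limited so a six-digit code cannot be brute-forced within its 30-second window.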
A Zero-Trust and layered security approach across Architectural Building Blocks
Super funds rely on a variety of systems and capabilities that together deliver engaging, integrated services to members. Combined, these Architecture Building Blocks (ABBs) keep business objectives and technological capabilities aligned, but they also have a vital role to play in maintaining security across a super fund.
1. Network security:
- Implement robust firewalls and intrusion detection systems to monitor and block unauthorised network access.
- Utilise network segmentation to isolate sensitive areas, limiting the spread of potential breaches.
2. Application security:
- Conduct regular security audits and penetration testing on web applications and mobile apps.
- Implement secure coding practices and use secure frameworks to protect against common vulnerabilities.
3. Data security:
- Encrypt sensitive member data both in transit and at rest: use TLS 1.2 or higher to protect network communication, and a strong AES-based cipher for data storage.
- Ensure compliance with data privacy regulations by implementing data access controls and auditing data access.
4. Identity and Access Management (IAM):
- Implement multi-factor authentication for all users accessing sensitive systems.
- Use role-based access control (RBAC) to ensure that users only have access to necessary data and applications.
5. Incident response:
- Develop comprehensive incident response plans that detail procedures for detecting, responding to, and mitigating security breaches.
- Conduct regular training exercises to ensure readiness and efficiency in responding to incidents.
6. Strengthening full-stack observability across the end-to-end digital footprint
Full-stack observability is crucial for identifying and addressing security and performance issues across complex IT environments. This involves monitoring all layers of the IT stack in real time, from hardware to user-facing applications.
- Telemetry data: Collect logs, metrics, and traces from all endpoints, including servers, cloud services, and network components. Use AI/ML to analyse this data and identify anomalies quickly.
- Unified visibility: Implement tools that provide a holistic view of the entire IT environment, including on-premises, cloud, and edge components. This helps in pinpointing the root causes of issues and prioritising actions based on business impact.
- Real-time insights: Ensure that all stakeholders have access to real-time performance updates. This allows for rapid detection and resolution of problems before they impact users.
- Integration with business metrics: Correlate technical data with business outcomes to prioritise actions that have the most significant impact on the customer experience and business operations.
- Continuous monitoring and feedback: Regularly review and refine observability practices to ensure they remain effective in an ever-changing digital landscape.
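The telemetry item above asks for logs to be collected and analysed for anomalies. As an added example (not code from the original article or from any fund), the script below runs a simple detection over constructed authentication log lines: it flags a single source address that fails logins against many distinct member accounts inside a short window, and raises a higher-severity alert when that same source then succeeds, which is the moment an operations team would want to step up authentication and review the session. The log format, thresholds and sample addresses are all assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log (assumed format; not real fund data).
# 203.0.113.10 hits seven different accounts in 20 seconds, then succeeds.
# 198.51.100.7 is a single member retrying their own password (benign).
SAMPLE_LOG = """\
2025-04-03T02:14:07Z ip=203.0.113.10 user=m1001 result=FAIL
2025-04-03T02:14:09Z ip=203.0.113.10 user=m1002 result=FAIL
2025-04-03T02:14:12Z ip=203.0.113.10 user=m1003 result=FAIL
2025-04-03T02:14:14Z ip=203.0.113.10 user=m1004 result=FAIL
2025-04-03T02:14:15Z ip=198.51.100.7 user=m2001 result=FAIL
2025-04-03T02:14:17Z ip=203.0.113.10 user=m1005 result=FAIL
2025-04-03T02:14:20Z ip=203.0.113.10 user=m1006 result=FAIL
2025-04-03T02:14:22Z ip=198.51.100.7 user=m2001 result=FAIL
2025-04-03T02:14:25Z ip=203.0.113.10 user=m1007 result=SUCCESS
2025-04-03T02:14:31Z ip=198.51.100.7 user=m2001 result=SUCCESS
2025-04-03T02:15:02Z ip=192.0.2.5 user=m3001 result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>FAIL|SUCCESS)$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "ip": m["ip"], "user": m["user"], "result": m["result"]}


def detect_spray(log_text: str, window_seconds: int = 60, distinct_user_threshold: int = 5):
    """Sliding-window detection of one source failing against many accounts.

    Returns alerts in event order. A 'credential_spray' alert fires once per
    source when failures across >= threshold distinct users fall inside the
    window; a 'spray_then_success' alert fires for any login success from a
    source whose window still shows that many distinct failed users."""
    window = timedelta(seconds=window_seconds)
    recent_failures = defaultdict(deque)  # ip -> deque of (ts, user)
    spray_flagged = set()
    alerts = []

    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])

    for ev in events:
        q = recent_failures[ev["ip"]]
        while q and ev["ts"] - q[0][0] > window:  # evict failures outside the window
            q.popleft()
        if ev["result"] == "FAIL":
            q.append((ev["ts"], ev["user"]))
            distinct = {u for _, u in q}
            if len(distinct) >= distinct_user_threshold and ev["ip"] not in spray_flagged:
                spray_flagged.add(ev["ip"])
                alerts.append({"type": "credential_spray", "severity": "medium",
                               "ip": ev["ip"], "distinct_users": len(distinct),
                               "at": ev["ts"].isoformat()})
        else:
            distinct = {u for _, u in q}
            if len(distinct) >= distinct_user_threshold:
                alerts.append({"type": "spray_then_success", "severity": "high",
                               "ip": ev["ip"], "user": ev["user"],
                               "at": ev["ts"].isoformat(),
                               "action": "step-up MFA, review session, notify member"})
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(SAMPLE_LOG):
        print(alert)
```

The benign retrying member never trips the rule because the count is of distinct accounts per source, not of failures; in production the same logic would run in a SIEM or stream processor over the fund's real login telemetry, with thresholds tuned against a baseline and the source key widened to cover shared NAT ranges and rotating proxies.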
Building a secure digital transformation
The recent cyber-attack on the Australian superannuation industry is a timely reminder of the importance of robust cybersecurity measures. As the industry continues to evolve digitally, it must prioritise the security and integrity of its systems to protect the retirement assets of millions of Australians.
By implementing enhanced security protocols and fostering a culture of online vigilance among members, the superannuation sector can ensure that its digital transformation supports both convenience and security. Combining a layered security approach with comprehensive full-stack observability enables the Australian superannuation industry to effectively protect retirement assets while enhancing digital services and experiences for its members.
As a trusted partner within the superannuation sector, Equal Experts has a proven track record of supporting super funds through complex digital transformations. Our expertise enables us to guide super funds through changing landscapes and capitalise on new opportunities while maintaining strict security standards. Contact our team in Australia to find out how we can support your fund to strengthen its digital foundations.