New research reveals that more than half of Australian super funds lack basic cyber security measures to protect their members.
Earlier this month, several Australian superannuation funds fell victim to credential stuffing attacks, which saw a small number of members lose more than $500,000.
Sadly, it appears many such funds are still prone to compromise.
Cyber security firm Proofpoint has released new research into the email security of Australian super funds, and the most alarming statistic is that 58 per cent of funds are falling behind on the most basic security measures.
“Australian superannuation funds hold the financial futures of millions of everyday Australians, yet our research reveals 58 per cent are failing to implement basic email security protocols. This security gap creates a dangerous opening for cyber criminals who specifically target these data-rich organisations,” Steve Moros, senior director of the advanced technology group for Asia-Pacific and Japan at Proofpoint, said in a statement.
Proofpoint conducted Domain-based Message Authentication, Reporting and Conformance (DMARC) analysis of more than 80 Australian funds and found that 8 per cent don’t have any DMARC protection at all, while only 42 per cent have the highest level of DMARC protection.
DMARC has three levels of protection – monitor, quarantine, and reject, the last of which is the highest level of protection. The protocol is designed to prevent domain names from being misused by cyber criminals.
Twenty-three per cent of Australian funds use the quarantine level of protection, and 27 per cent use the monitor level.
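A domain's DMARC level is set by the `p` tag of the TXT record published at `_dmarc.<domain>`, where `p=none` is the level described above as monitor. The Python below is an added example, not Proofpoint's code or methodology; it sorts records into the four groups the research reports, and every domain and record in it is a constructed sample.

```python
# Added example: classify DMARC TXT records into the levels named in the article.
# All domains and records are constructed samples, not data from the research.
from collections import Counter

LEVELS = {"none": "monitor", "quarantine": "quarantine", "reject": "reject"}

def parse_dmarc(txt):
    """Parse one TXT string into a tag dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: a DMARC record must begin with the v=DMARC1 tag.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Return 'no DMARC', 'monitor', 'quarantine' or 'reject' for one domain."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    # RFC 7489: zero records, or more than one, means DMARC is not applied.
    if len(records) != 1:
        return "no DMARC"
    # Simplification: a missing or unrecognised p tag is counted as no protection.
    return LEVELS.get(records[0].get("p", "").lower(), "no DMARC")

SAMPLE = {  # constructed TXT answers for _dmarc.<domain>
    "fund-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@fund-a.example"],
    "fund-b.example": ["v=DMARC1; p=quarantine; pct=100"],
    "fund-c.example": ["v=DMARC1; p=none; rua=mailto:dmarc@fund-c.example"],
    "fund-d.example": ["v=spf1 -all"],  # an SPF string is not a DMARC record
    "fund-e.example": [],               # nothing published
    "fund-f.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],  # duplicates
}

def tally(lookups):
    """Count how many domains fall into each protection level."""
    return Counter(classify(txts) for txts in lookups.values())

if __name__ == "__main__":
    for level, count in tally(SAMPLE).most_common():
        print(f"{level}: {count}")
```

A domain that publishes two DMARC records counts as unprotected here even though one of them says `p=reject`, because receivers discard the policy when the lookup is ambiguous.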
“The recent breach resulting in over $500,000 in losses demonstrates these threats aren’t theoretical and, in fact, regular occurrences growing in volume. They’re actively impacting Australians’ retirement savings,” Moros said.
“While resource constraints are understandable, implementing robust DMARC protection isn’t optional in today’s threat landscape – it’s essential infrastructure that stands between members’ life savings, their privacy and increasingly sophisticated fraud campaigns targeting these critical financial institutions.”
The analysis, conducted in April of this year, was based on a list of Australian Prudential Regulation Authority-regulated super funds.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.