The major banks say they're fending off more cyber threats than ever
The national banking regulator has warned that it is “only a matter of time” until a major bank suffers a significant cyber breach. The Australian Prudential Regulation Authority also said that insurers and super funds would eventually be victims of cyber attacks.
After this week’s cyber attacks on media group Nine Entertainment, APRA Chairman Wayne Byres said it was a “timely warning” of the growing threat of cyber attacks, including attacks by criminal groups and state-sponsored hackers.
Australian companies are now being victimised by ransomware attacks demanding as much as $10 million, according to a report by The Australian. McGrathNicol partner and cybersecurity expert Darren Hopkins told the publication that client requests for help handling ransomware attacks have tripled in the last three months.
This week’s attack on Nine Entertainment has impacted the production of newspapers including The Sydney Morning Herald and The Australian Financial Review. The attack is expected to cost the company more than $1 million.
Bank executives have also warned that their institutions are facing increasing cyber and phishing attacks, The Australian reported.
Mark Whelan, ANZ institutional bank group executive, told a conference Tuesday that the bank was facing up to 10 million cyber attacks per month against the bank, its systems or its customers.
“I see it as the single biggest issue which we talked about, or threat, in banking today,” Whelan said. He said it was vital to put in place as many controls as possible to mitigate the threat of cyber attacks.
Westpac chief executive Peter King told The Australian that cyber threats had spiked during the COVID-19 pandemic.
Read more: ASIC caught in cyber breach
“Cyber has to be up the top of every business’ – and frankly every consumer’s – mindset at the moment,” King said. “The potential for very sophisticated attacks has gone up, so we have to operate at both a co-ordinated national level as well as an individual level.”
Byres said APRA had seen recent moves by both criminals and state-sponsored hackers to exploit vulnerabilities in Microsoft Exchange.
“It’s just a timely reminder that those cyber threats continue to grow and they require a continuous cycle of investment in improved practices,” Byrne said.
Hopkins told The Australian that he believed many recent attacks were the work of organised crime groups in Eastern Europe that were using ransomware attacks to fund their organisations.
“There are a lot of suggestions that cyber crime is now worth more to organised crime than the drug industry,” Hopkins said.