
Regulators launch cyber resilience framework

A new framework has been launched to test the cyber resilience of financial institutions.

The Council of Financial Regulators (CFR) has released a Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework to test and demonstrate the cyber maturity and resilience of institutions within the Australian financial services industry.

The CFR – which includes the Reserve Bank of Australia (RBA), the Australian Securities and Investments Commission (ASIC), the Australian Prudential Regulation Authority (APRA), and the Treasury – has developed the framework to assist financial institutions with the preparation and execution of industry-wide cyber resilience exercises.

CORIE is a pilot program of exercises that will use intelligence gathered on adversaries to mimic the way they operate.

The exercises will mimic the tactics, techniques and procedures (TTPs) of real-life adversaries by creating and using tools, and by using techniques that may not have been anticipated and planned for.


According to the CFR, these exercises aim to measure an organisation’s ability to identify, respond to and recover from the operations of a real-life adversary based on such TTPs.

The program will include threat intelligence-led exercises to assess the overall maturity of a financial institution’s cyber defence and response capability.

Threat intelligence is evidence-based knowledge including actionable advice about an existing or emerging threat to assets. This can be used to inform decisions around the organisation’s response to that threat.

The CFR has released a CORIE pilot program guideline, which said: “Real-life adversaries such as state-sponsored attackers are neither constrained by scope nor time.

“CORIE exercises mimic adversaries through fewer traditional testing restrictions and longer time duration to fully exploit opportunities. As a result, CORIE complements traditional security testing programs, such as vulnerability assessments, penetration testing and continuous red teaming – financial institutions should continue to maintain their existing security testing regimes.”


The objectives of the pilot program include:

  • Provide data and information to inform relevant regulators of systemic weaknesses that may pose a risk to the integrity of the Australian financial markets and financial system;
  • Assess financial institutions’ resilience to known adversaries targeting them; and
  • Provide the relevant regulator and financial institutions with a plan of remediation to address any weaknesses.

Independent providers will conduct the exercises in a bid to remain as unbiased as possible and bring a “fresh perspective”, while the day-to-day management of the pilot program will be carried out by the CORIE team coordinators on behalf of the CFR. The team will consist of a small number of members within the cyber security teams of the CFR members.

Upon completion of the exercises, a report detailing industry-wide trends around cyber resilience will be presented to the CFR, highlighting any systemic weaknesses that may pose a risk to the integrity of the financial markets and system.

“Sophisticated adversaries are continuously attacking Australian financial institutions in illegal operations that can result in substantial financial loss, reputational damage and, in a worst-case scenario, impact the stability of the Australian financial markets and financial system,” the guideline said.

“Cyber operational resilience requires that people, processes and information systems adapt to the ever-evolving threat landscape. To maintain the ability of financial institutions to avoid significant financial loss and worst-case scenarios, cyber operational resilience must be proactive and not reactive.”

The launch of the framework has come amid the launch of its cyber security strategy for 2020-24, with APRA executive board member Geoff Summerhayes warning that while no APRA-regulated bank, insurer or superannuation fund has suffered a substantial cyber attack, it would only be a matter of time before it happened due to a lack of awareness among the higher ranks of companies.

A Bankwest analysis of scams and fraud trends recently found that cyber criminals are actively targeting the elderly and most vulnerable members at double the rate of any other age group.


Malavika Santhebennur

Malavika Santhebennur is the features editor on the mortgages titles at Momentum Media.

Before joining the team in 2019, Malavika held roles with Money Management and Benchmark Media. She has been writing about financial services for the past six years.
