ASFA CEO Mary Delahunty said superannuation funds are having their security systems bolstered to protect them against cyber attacks, scams, and fraud. (Source: ASFA/Getty)

Work is underway to protect Australia’s growing superannuation system from future cyberattacks that could seek to bleed retirees of their savings. With more than $4.3 trillion collectively invested across all super funds, the target is a seriously big one for cyber criminals.

A poll of hundreds of Yahoo Finance readers found 64 per cent are worried about their fund’s security and wish it would be strengthened. The Association of Superannuation Funds of Australia (ASFA) has been quietly working to bolster fund security measures.

ASFA CEO Mary Delahunty told Yahoo Finance the work will protect funds from scams and fraud in the future.

“This is a significant undertaking with multiple elements, including a secure, bespoke intelligence sharing and communications platform that will enable proactive threat mitigation through collaboration and early warning systems, coordinated incident response capabilities across funds and service providers, and a dedicated cyber playbook to guide the sector through potential incidents,” she said.

“We’ve learnt a lot from what’s worked in other sectors, especially banking, where the industry came together to share information about threats and coordinate their response.”

She said ASFA has been consulting with the government and industry regulators to make sure expectations around cyber security are aligned for the future, especially as scammers and hackers continually change and sharpen their tools.

Delahunty added that ensuring people’s money and data are safe has always been taken “extremely seriously”.

ASFA is the peak superannuation body in Australia, and its work in this area is aimed at providing an industry-wide approach to the threat of cybercrime.

Each fund is also doing its own work in bolstering security defences.

The Association would like to see a secure platform created that could provide real-time cyber threat intelligence sharing, along with early warning systems, that would give funds and users a much better chance at stopping cybercriminals.

The industry was rocked in April when it was revealed a major cyber attack was launched on the super system.

Providers targeted include Rest, Insignia and AustralianSuper, and four members were believed to have lost $500,000 in the co-ordinated assault.

RMIT Centre for Cyber Security Research and Innovation director Matt Warren told Yahoo Finance super was an easy target because some accounts did not require multi-factor authentication.

That’s despite a directive issued by the Australian Financial Services Council last year, setting a security standard that makes multi-factor authentication systems compulsory for its superannuation members. It also suggested alternatives like biometrics and one-time passwords.

“The problem is superannuation funds were given two years to implement it, so the end date was in 2026,” Warren said.

“Some companies are still in transition and it’s unfortunate timing. If this had happened next year, for instance, it might not have had the same impact.

“The only positive that will come out of this is it will actually speed up companies if they haven’t to implement multi-factor authentication.”

While the victim rate from this attack was relatively low, Prime Minister Anthony Albanese said there is a cyber attack in Australia every six minutes, and it’s unclear when the next one will target super funds.

In the wake of that event, people were encouraged to update their accounts with a password that they’ve never used anywhere.

A superannuation account can be one of the most important assets a person can hold during their lifetime, so it’s worth being extra cautious.

“Always use unique passwords on each platform. Make sure your passwords are long and complex. Strong passwords make it harder for people to hack into your accounts,” the government’s MoneySmart site said.

“If your super fund provides it, we recommend using Multi Factor Authentication (MFA) too.”