IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

Not having phishing resistant MFA will come at a cost for the finance industry

By Contributor
Wed 23 Feb 2022

Article by Yubico APJ vice president, Geoff Schomburgk.

With the volume of money handled by the finance industry on any given day, it's no wonder that it is a prime target for cybercriminals. Whilst security in finance is generally better than in other sectors, cybercriminals continue to evolve their methods with the intent to access sensitive data. Moreover, as cybercriminals get more sophisticated, banks and financial institutions are challenged to keep their critical IT systems secure from unauthorised access. 

Since the start of the pandemic, financial services institutions have been disproportionately targeted by cyberattacks, representing 25.3% of all attacks, according to a Bank for International Settlements Bulletin.

It is estimated that the average cost of a data breach in financial services is USD$5.72 million, but this doesn't take into account the loss of trust, reputation and long term costs of recovery in setting up new processes to avoid this taking place again.

Since the onset of the pandemic, more end users have been using online and mobile channels for their banking needs, and more employees and executives are working from home. This has caused the number of potential victims of cyberattacks to skyrocket.

According to COVID-19 Crime Index 2021, 42 per cent of banks surveyed say the shift to home office work at their institution has led to a decline in IT security. 

Maintaining secure access to systems requires strong authentication for all users. Legacy authentication methods, such as username and password combination or mobile two-factor authentication (2FA), are often used to connect the home office end device to the IT systems.

While financial institutions were early adopters of 2FA, these legacy solutions are now highly vulnerable to account takeovers, phishing, malware, SIM swapping, and man-in-the-middle attacks. 

An opportunity to be proactive in managing a costly threat

Financial entities are fully compliant with IT security, data protection requirements and international mandates and directives for payment services and customer data, such as the Payment Card Industry Data Security Standard (PCI DSS) and General Data Protection Requirements (GDPR), but there is still a need for improvement. 

The Australian Prudential Regulation Authority (APRA) governs publicly listed banks and financial institutions and provides guidelines outlining information security requirements in Australia.

The CPS 234 Information Security (CPS 234) is one APRA standard aiming to ensure that an APRA-regulated company takes measures to manage information security incidents, such as cyber-attacks. It also requires that entities respond in a timely manner to data breaches or other security incidents. 

Meanwhile, the Security Legislation Amendment (Critical Infrastructure) Act 2021 requires entities, including banks, to maintain a register of critical infrastructure assets and adhere to the mandatory reporting of any cyber security incidents. But is this enough? 

While the frameworks and guidelines we have in Australia are a starting point, we only need to look to the US to see why Australian businesses, especially important ones like financial services, need to do more and be proactive in adopting stronger phishing resistant security methods. 

Though not specific attacks in the financial industry, the recent high profile security breaches and incidents like SolarWinds and the Colonial Pipeline hack were a wake-up call for the US government last year.

Subsequently, in May 2021, President Biden released an executive order mandating all US government agencies to implement MFA within 180 days. Then, in September 2021, the US government issued its Draft Zero Trust Strategy, which requires Federal agencies to only use multi-factor authentication that is phishing resistant.

Moves like these are setting a precedent for the world and ultimately highlight the significance of incorporating MFA technologies and Zero Trust strategies within the financial industry to prevent future attacks.

Phishing resistant MFA, based on public/private key cryptography, significantly reduces the attacker's ability to intercept and replay access codes as there are no shared codes. The authentication action can only occur between the user's device and the specific site they are going to.

What solution is available?

One recommended method to combat phishing attacks is to use a hardware security key – it requires the user's presence and proof of possession to gain access or log in.  

Hardware security keys don't require a network connection, don't need battery power, and don't store data, making them an ideal option for strong phishing resistant authentication. In addition, hardware security keys provide a better user experience than legacy 2FA and MFA because users can log in with a single touch or tap on the security key.

The increase in sophisticated cyberattacks highlights the fundamental change needed to our approach to information security and why the financial sector should have phishing resistant MFA as part of its systems and procedure.

Will the adoption of phishing resistant MFA be proactively deployed by financial institutions? Or, as happened in the US, will it take a major data breach to force governments to mandate it?

This is an opportunity for the banking and financial services sector to take a leadership position in the industry and proactively tighten guidelines on authentication processes to avoid a costly business lesson.

Article by Yubico APJ vice president, Geoff Schomburgk.

Related stories
Top stories
Story image
ABI Research
75% of 5G networks to advance to 5G-Advanced by 2030 
5G-advanced is set to launch in 2025, and 75% of 5G networks will upgrade by 2030, according to ABI Research. 
Story image
Digital Transformation
Munro Footwear Group chooses Boomi to assist with digitisation strategy
Munro Footwear Group (MFG) has selected Boomi to assist with its eCommerce and digital transformation roadmap goals.
Story image
Telecommunications
WiFi as a Service market to reach $26 billion through 2032
As a result of the easy management of wireless infrastructure over cloud services, WaaS is experiencing rapid growth.
Story image
Southern Cross Cable
Southern Cross Cable launches the SX NEXT cable to connect NZ to the world
The new Southern Cross NEXT fibre cable (SX NEXT) is set to connect Australasia to the US and further enhance connectivity between New Zealand, Australia, and the US.
Story image
Solutions
Progress launches latest version of network visibility solution
In Flowmon 12 network solution, Progress has expanded its support for public cloud provider flow log monitoring and launched new features.
Story image
Apple
Your tools, your choice: why allow employees to choose their own devices?
Jamf Australia says giving your team the freedom to work with their digital device of choice could help to attract and retain top talent in a tight labour market.
Story image
Capital
Rubber Monkey gears up for Aussie market with latest capital raise
Rubber Monkey is seeking to raise up to NZ$2.5 million of new capital through online investment platform, Snowball Effect.
Story image
Ransomware
Examining the future of ransomware threats with Vectra’s CTO
As customers' valuable data move to the cloud, so will ransomware. What is the current landscape and what do we need to know?
Story image
Adobe
Marketplacer and Adobe accelerate partnership for enhanced commerce solutions
Marketplacer has accelerated its partnership with Adobe in order to further enhance the global commerce marketplace.
PwC
WSLHD and PwC’s Consulting Business came together to solve through the challenges of COVID-19. A model of care was developed to the NSW Health Agency for Clinical Innovation guidelines with new technology platforms and an entirely new workforce.
Link image
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why it's time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
Telstra
Ericsson and Ciena, Telstra enhance service capacity for Telstra's optical network
Ericsson, Telstra, and Ciena have announced new enhancements to Telstra's Next Generation Optical Network, which will increase the service capacity of Telstra's optical network to 400 GE (Gigabit per Second Ethernet).
Story image
Ransomware
Businesses unprepared to defend against ransomware attacks
Ransomware attacks continue to impact organisations worldwide with high costs, but businesses are still largely unprepared.
Story image
Storage
EXCLUSIVE: Finding the best data center for your business needs with datacenterHawk
Companies using cloud are consistently looking for the best storage solutions to suit their enterprise needs and often have to go through rather complex processes in order to find the right fit.
Story image
Apple
Jamf introduces new content filtering solution for education providers
Jamf has announced the launch of Jamf Safe Internet, a new offering that looks to deliver a safe online experience to students while offering better management options for admins.
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
Story image
Cybersecurity
How organisations can mitigate IoT and IIoT security risks
IoT and IIoT come with inherent risks because they are often deployed faster than they can be secured, putting organisations in danger of cyber threats. Here are tips on how to mitigate those risks.
Story image
AGVs
Bridgestone Australia uses Dematic's AGVs to optimise warehouse operations
Bridgestone Australia has deployed Dematic's Automated Guided Vehicle solution across its new Melbourne warehouse in Truganina.
Story image
Artificial Intelligence
Eight top DevSecOps trends to support IT innovation in 2022
The use of DevSecOps practices is growing, as it is increasingly seen as the best way to produce high-quality and secure code. So what are the current trends?
Productivity
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Artificial Intelligence
Vectra AI named as AWS security competency partner
Threat detection and response company Vectra AI has announced that it has become an Amazon Web Services Security Competency Partner.
PwC
PwC's Consulting Business and PwC's Indigenous Consulting are proud to play an important role in helping Australian Indigenous Mentoring Experience build IMAGI-NATION, a free online university for marginalised communities around the world.
Link image
Story image
Training
Barracuda customises training to fit ACSC Essential Eight
Barracuda has announced that its Security Awareness Training now provides a customised training curriculum in line with the Australian Cyber Security Centre’s (ACSC) Essential Eight.
Story image
Cybersecurity
Without trust, your security team is dead in the water
The rise of cyberattacks has increased the need for sound security that works across any type of business, but with any change, buy-in is essential. Airwallex explains why.
Story image
Cloud
BT builds on Equinix partnership with new cloud offering
BT has launched a next-generation cloud connectivity offering extending its global network into strategic carrier-neutral facilities (CNFs) and building on its existing partnership with Equinix.
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
Wiise
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
Accounting
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
Cybersecurity
Tech and data’s role in the changing face of compliance
Accenture's study found that 93% of respondents agree or strongly agree new technologies such as AI and cloud make compliance easier.
Story image
Collaboration
Enterprise service management: the importance of a one-stop shop
In an online world, employees and end-users want one place to go for all their questions and requests. Intranet technology and self-service portals are useful tools that help serve this purpose.
Story image
Media
Registrations for the W.Media Sydney Cloud and Datacenter Convention 2022 now open
Are you a C-Level executive looking to enhance your knowledge in the cloud and data center space in order to get the best results for your company?
Story image
Document Management
Regaining digital trust and enhancing digitisation in Australian Government agencies
Having a digitised ecosystem of documents, tools and data can help bolster security, improve workflow and ultimately create better services.
Story image
Cybersecurity
Palo Alto Networks' cloud security platform receives IRAP assessment
"We provide help protect all forms of compute, cloud native services and access to data within public and private sectors."
Story image
Sustainability
Honeywell named Frankston facility services provider
Honeywell has been named the joint facility services provider for Frankston Hospital’s AU$1.1 billion redevelopment.
Story image
Airwallex
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Metaverse
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Story image
CSG
To win at 5G, telcos must tame their quoting chaos
The catalogs of CSP (communication service providers) market offerings are set to explode as new digital services emerge, powered by B2B2X business models.
Story image
Payroll
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.
Story image
ABI Research
NaaS market expected to reach $150B by 2030 - research
"The market is immature and fragmented, but telco market revenue will exceed US$75 billion by 2030 if they act now and transform to align with requirements."
Story image
Multi Cloud
Cloud is a tool, not a destination
For many years, “cloud” has been thought of as a destination which has led to a misguided strategy that sees an enterprise trying to shift all its applications to a single cloud provider – regardless of the specific needs and nuances of each individual workload.
Story image
Samsung
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.