Efforts Against Money Laundering and Cyber Threats Continue
This month’s Compliance Radar continues to track the progress of the AML/CTF Amendment Bill through Parliament and organisations’ continued efforts – and failures – to meet cyber security standards.
AML/CTF Amendment Bill Progresses Through Parliament
This month, the Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Amendment Bill was introduced to Parliament. The amendment seeks to broaden the scope of the 2006 bill to regulate “Tranche 2” entities (including real estate professionals, professional services such as lawyers, and dealers in precious metals and stones) and to simplify and modernise the regime.
The bill’s steady progress through Parliament is pleasing, and LAB experts are digesting its contents and how it will impact our current and prospective clients.
Bank Anti-Scam Practices Under Question
The Australian Securities and Investments Commission’s (ASIC) recent report into the anti-scam practices of banks outside the major four (report 790) examines the scam prevention, detection and response practices of 15 banks. The report highlights the significant variability in the banks’ scam strategies and governance maturity.
“We expect all banks, regardless of their size, to pull their weight in the fight against scams,” said ASIC Deputy Chair Sarah Court.
Backup Practices May Undermine Cyber Resilience – APRA
As part of its heightened supervisory focus on cyber resilience, the Australian Prudential Regulation Authority (APRA) has noted common backup practices – including insufficient segregation between production and backup environments, insufficient control testing coverage and insufficient testing capability – that may undermine cyber resilience.
It notes that although many entities have backup practices in place, how they are managed may limit their usefulness in restoring systems following a cyber incident. Backups should be stored securely, preferably off-site or in the cloud, and tested regularly to ensure they can be restored effectively.
You can read APRA’s full Interim Policy and Supervision Priorities update here.
The use of regular backups is one of the Essential Eight prioritised cyber mitigation strategies, as outlined below.
Essential Eight of Cyber Mitigation Strategies
The Essential Eight cybersecurity strategies from the Australian Cyber Security Centre (ACSC) help organisations strengthen their defences against cyber threats. LAB Group ensures these strategies are embedded into their day-to-day business operations.
The strategies recommend a layered approach to security and address the most common and impactful attack vectors. This gives organisations a solid foundation for their cybersecurity efforts, improves their resilience to attacks, and better protects their data and systems from evolving threats.
The Essential Eight are summarised below.
1. Application Control
- Application control ensures that only trusted and approved software can run on a system, reducing the risk of malicious code execution and exploitation.
2. Patch Applications
- Applications, like operating systems, frequently have vulnerabilities that attackers can exploit. Vendors regularly release patches to fix these vulnerabilities. Applying these patches promptly helps close security gaps and protect systems from known threats.
3. Configure Microsoft Office Macro Settings
- Macros are scripts that can automate tasks in Microsoft Office applications. However, they can also be used to deliver malicious payloads. By configuring macro settings to limit or disable their use, organisations can reduce the risk of malware infections spread through malicious Office documents.
4. User Application Hardening
- User application hardening protects an organisation from a range of threats, including malicious websites, advertisements running malicious scripts and exploitation of vulnerabilities in unsupported software. It limits the opportunities for attacks by removing unnecessary system applications and restricting application functions vulnerable to malicious use.
5. Restrict Administration Privileges
- Effective user account management includes implementing strong password policies, managing user access rights, and ensuring that only authorised personnel can access sensitive information.
6. Patch Operating Systems
- Operating systems also have vulnerabilities that need to be patched. Keeping operating systems up to date with the latest security patches helps protect against exploits that could be used to compromise systems.
7. Multi-Factor Authentication (MFA)
- MFA enhances security by requiring more than one form of verification before granting access to systems or data. This typically involves something you know, like a password; something you have, like a smartphone; or something you are, such as biometric data.
8. Regular Backups
- Regularly backing up critical data and systems is essential for recovery in case of data loss due to cyber incidents. Backups should be stored securely, preferably off-site or in the cloud, and tested regularly to ensure they can be restored effectively.
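APRA’s point above about insufficient testing coverage, and strategy 8’s requirement that backups be tested regularly, both come down to proving a backup can actually be restored. The following is an added example (not LAB’s or APRA’s code) of a restore drill: it builds a constructed sample backup archive with a SHA-256 manifest, restores every member and checks it against the manifest, and reports how many systems have a restore test within a policy window (the 90-day window and the system names are assumptions).

```python
"""Backup restore-drill check: restore a backup archive, verify every file
against a SHA-256 manifest, and report restore-test coverage."""
import hashlib
import io
import tarfile
from datetime import date

# Constructed sample files standing in for a production system's backup set.
SAMPLE_FILES = {
    "etc/app.conf": b"db_host=prod-db\nlisten=0.0.0.0:8443\n",
    "data/customers.db": bytes(range(256)) * 4,
}


def build_backup(files):
    """Return (archive_bytes, manifest); manifest maps path -> sha256 hex digest."""
    buf = io.BytesIO()
    manifest = {}
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
            manifest[path] = hashlib.sha256(data).hexdigest()
    return buf.getvalue(), manifest


def restore_and_verify(archive, manifest):
    """Read every file back out of the archive and compare it to the manifest.

    Returns the sorted list of paths that failed: either the restored content
    did not match its recorded hash, or a manifest entry is missing entirely.
    """
    failures, seen = [], set()
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            seen.add(member.name)
            restored = tar.extractfile(member).read()
            if hashlib.sha256(restored).hexdigest() != manifest.get(member.name):
                failures.append(member.name)
    failures.extend(set(manifest) - seen)  # backed-up files that never restored
    return sorted(failures)


def restore_test_coverage(last_tested, today, max_age_days=90):
    """Fraction of systems whose last successful restore test is within the window."""
    in_window = sum(1 for d in last_tested.values() if (today - d).days <= max_age_days)
    return in_window / len(last_tested)
```

A restore that only checks the archive opens, without comparing content, would miss the silent corruption and missing-file cases this check reports.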
Ready to enhance your organisation’s cyber resilience? Book a demonstration of our onboarding and Customer Lifecycle Management platform to see how you can leverage LAB’s technology to safely handle and protect your customer data.