31 Jan Banking on loyal reserves
Just when you thought New Zealand had reached the pinnacle of Australia’s envy, they once again prove that bringing professionalism and accountability to a national issue is the ultimate response. On 11 January, the Reserve Bank of New Zealand became aware that it had been the victim of a malicious, illegal [security] breach of a third-party file sharing application. Immediately upon learning of the attack, the bank released a statement committing it to fund an independent review to uncover any data implications and secure digital vulnerabilities that might make it a future target. The bank believes it fell short of the standards expected by its stakeholders and the community. The system was quickly secured and taken offline following the breach.
The Governor of the Reserve Bank, Andrew Orr, gave an unreserved apology and took full responsibility for the third-party breach, and has been guided by preparedness, responsiveness and a commitment to transparency and accountability. Orr did, however, lay some blame on Accellion FTA, the security software that stores and shares sensitive information, reporting that it had not met the full obligation of the Reserve Bank’s standards. The current investigation being undertaken by KPMG will include a comprehensive review of risk management and file sharing.
Following this attack, reported on 15 January, the Australian Securities Investment Commission was hit with a similar breach on a server using the Accellion FTA software. The response was minimal: no public face, no apology and very little accountability and transparency. No calls for an independent review and no updates since.
Faster Networks’ first blog of 2021 was about the SolarWinds security disaster. More so, it was about a company in freefall doing everything in its power to investigate a problem with efficiency and humility, and with outcomes designed to work for clients and any third parties affected. This trend seems to be continuing: companies and organisations that see a problem not only fix it but also come to terms with the fallout for their customer base and their financial bottom line via thorough, independent yet collaborative investigation.
Last year the Australian Cyber Security Centre (ACSC) campaigned to have companies and government organisations report hacking events early, to help protect other businesses from cybercrime and security incidents, prepare them for such events and, ideally, minimise damage and increase awareness. Andrew Orr said in his latest presser, “cyber threats need to be taken seriously by all organisations – and preparedness and responsiveness are key.” Hear, hear.
Faster Networks help businesses protect their digital assets. We are a cyber security partner that brings the best software solutions that anticipate and fix digital vulnerabilities. Our areas of expertise include Vulnerability Management, Security Orchestration Automation and Response (SOAR), Application Security, Infrastructure Security, Distributed Denial of Service (DDoS) Protection and Application Pentesting.