ASIC cybersecurity

Cyber Risk Update from ASIC

In the May Market Integrity Update, ASIC addresses a critical element of cybersecurity: the importance of mitigating third-party cyber attacks. It is no longer sufficient for organisations to enhance their internal cybersecurity; third-party exposures must also be addressed.

ASIC is encouraging organisations to proactively identify critical vendors and pose three key questions:

  1. What level of access do third parties have to your systems? 
    Implement the principle of least privilege to minimise the impact of breaches.
  2. How is third-party access protected? 
    Enable multi-factor authentication and closely monitor third-party credentials to reduce the risk of exploitation.
  3. Where is your data? 
    Understand where sensitive data is stored, especially by third-party providers, to ensure appropriate protection. If you lack control over data protection, assess the potential impact and consider reducing the amount of sensitive data shared.

The Office of the Australian Information Commissioner has developed a guide to securing personal information, including information held by third-party providers.

Read ASIC’s update here.
