Considering the wider footprint of the financial services market, particularly institutional banking and investments, e-commerce, international trade and a range of financial instruments, one can appreciate the extent to which the ecosystem is subjected to a range of attacks that need to be mitigated.
Australia’s trusted cyber security advisor for banking and finance
Throw in supply chain risks and this adds another dimension of exposure. In our highly interconnected world, where we expect rapid response, easy-to-use systems and products that are underwritten with guarantees, it becomes imperative to have an Information Security Management System that addresses the breadth and depth of your business.
Cyber security is a key risk for banks and financial institutions
APRA has released Prudential Standard CPS 234 addressing cyber security, and the Reserve Bank of Australia has identified cyber security as a core challenge for Australia’s financial system. The RBA noted that “Globally, the financial services and energy sectors account for the largest share of cyber incidents involving nationally important systems. The risk of cyber-attacks in the financial system has increased due to a rapid rise in the digitalisation of services, and the use of third-party providers has increased the sector’s online footprint. Increased use of technology and digital records in banking, such as the introduction of open banking over the coming year, could raise additional cyber risks. As a result, cyber security will be a core challenge for the financial system for years to come.”
The RBA identifies four areas of specific concern:
- Data breaches, where attackers steal sensitive data, such as the Equifax data breach in 2017 which compromised 147 million people
- System disruptions, where attackers make systems unavailable, such as the 2016 Australian Census denial of service attack
- Integrity of data attacks, where attackers deliberately alter information to make it unusable, such as the 2016 release of altered World Anti-Doping Agency records, and
- Financial attacks, where thieves or extortionists use fraud or ransom attacks to steal funds, such as the theft of US$81m from Bangladesh Bank in 2016 via their SWIFT systems.
Sense of Security’s highly regarded cyber security specialists have been working with banks and financial institutions to stay ahead of security threats for nearly 20 years. We can challenge your systems, tighten your processes and advise you on the changing security landscape to keep you ahead of the game.
What we do
We are trusted providers of cyber resilience, information security and risk management services that can help secure your reputation, as well as your business and its clients.
Our team has deep experience providing data protection, system security and data integrity, and in shutting the doors against financial attack for financial clients. We can work with your business on an ongoing or retainer basis.
Some of the services we offer include:
Prudential Standard CPS 234 services
We can review your system capability against APRA’s Prudential Standard CPS 234 and identify which gaps need to be closed for you to comply. We can also run the project to bring you into compliance.
PII data security
We can provide advice on how to protect personally identifiable information (PII), which is highly sensitive in nature.
Data breach notification
Sense of Security can advise you on policies and procedures to meet your data breach notification requirements. In the rare event of a breach, Sense of Security can oversee your response, advise on any potential pitfalls, and suggest improvements.
Red team, blue team, purple team
Red team exercises are the most rigorous test of your security systems. Sense of Security’s red team thinks like real attackers to find any weaknesses in your controls. We can also work with you on the defence side (blue team), and for the broadest coverage we provide blended red-blue testing and response services, known as purple teaming.
ISO 27001 compliance
ISO 27001 compliance and certification demonstrate that your systems meet, and are managed to, international standards. Certification is required by many government, healthcare, financial and defence clients.
Sense of Security is your trusted cyber security partner in the Banking and Finance sector.
Relevant industry case studies
Australian superannuation fund
Our client is an established superannuation fund which had not previously sought compliance with ISO 27001 for its information security management system.
Sense of Security was engaged to perform high-level ISMS discovery and to audit against the requirements of ISO 27001, as well as to develop a security framework to meet those requirements, an implementation strategy for the system, and the documentation to support it.
The project involved multiple work streams across several departments over a year.
- Developed all the formalised ISMS documentation including the Charter, Statement of Applicability, Risk Management Framework, Information Security Policy, Access Control Policy and Acceptable Use Policy
- Performed a risk and maturity assessment
- Developed a strategy roadmap to improve the risk maturity of the organisation in the future
- The business achieved certification to ISO 27001
- Sense of Security is now retained as our client’s cyber security partner to provide services that include vulnerability management, incident response services (24×7) and frequent briefings to the board
- We now operate our client’s whole-of-business ongoing Security Awareness program
A fintech service provider to the wholesale markets
Our client provides various bespoke market analytics and algorithms to wholesale market traders via the cloud. All the solutions are bespoke, developed in-house using a cloud-first approach, resulting in multiple software releases each month. The client wanted to tighten security and future-proof its business by aligning to ISO 27001, with a view to certification in the short term.
- Sense of Security performed a gap analysis and produced an action plan which brought the client into alignment with ISO 27001
- The client worked with Sense of Security on DevSecOps and on improving the application and network architecture to strengthen controls and security
- Sense of Security performed extensive penetration testing as a validation of the system