RBNZ publishes guide for building cyber resilience, and more daily news

RBNZ recently published a guide on how to build cyber resilience. Deputy Governor and General Manager of Financial Stability Geoff Bascand noted that the cyber space has been identified as a significant source of operational risk for financial institutions. The guideline focuses on what RBNZ’s expectations are and uses material from national and international cybersecurity standards. Bascand announced that a draft guideline has been published and is open for feedback. 

“The Reserve Bank – Te Pūtea Matua is today releasing draft guidance on what regulated entities should consider when managing cyber resilience.

The cyber world has long been recognised as a significant source of operational risk for financial institutions, Deputy Governor and General Manager of Financial Stability Geoff Bascand says.

The draft guidance, which is open for feedback, outlines the Reserve Bank’s expectations around cyber resilience, and draws heavily from leading international and national cybersecurity standards and guidelines.

“As cyber risk continues to rise, there is growing awareness that cyber incidents could present risks to the stability of the entire financial system. Improving cyber resilience has become a key priority for prudential regulators around the world,” Mr Bascand says.”

RBNZ is set to run the consultation until 29 January 2021, as it believes the management of cyber resilience is a shared responsibility. The guideline works around related publications from other official agencies. After the 14-week consultation period, RBNZ will release the final guideline.

“We recognise that managing cyber resilience is a shared responsibility and that it is important to collaborate and coordinate with all relevant stakeholders. The proposed guidance and our information collection plans have been designed to complement the work of other government agencies with a direct interest in promoting cyber resilience in the financial sector – including the Financial Markets Authority, the National Cyber Security Centre and the Computer Emergency Response Team.”

“The consultation is open for 14 weeks and closes on 29 January 2021. The Reserve Bank will release the final guidance early next year.” Click here to read more

In other news

Fluidity is more important than work-life balance – manager

Commerce Commission looks into issues of Aon-WTW merger

Legal and regulatory news update for the life and health insurance sector

27 Aug 2020 – FMA announced the appointment of Paul Gregory to the newly created role of Director of Investment Management.


27 Aug 2020 – RBNZ have issued advice to the financial services sector from the National Cyber Security Centre regarding recent cyber attacks that appear to be aimed at the financial services sector. The most high-profile example has been the NZX experience. However, other companies may expect to be attacked.

Fidelity Life appoints new head of adviser distribution

Todd Allan has been appointed as the Head of Adviser Distribution. This promotion comes after the departure of Craig Winterburn, who was the General Manager Distribution. In his new role Todd will be focused on supporting advisers.

“A key focus for Allan and his team of business managers and business account managers will be supporting advisers through a period of change.

“The new financial advice regime, conduct and culture changes and, more recently, Covid-19 are all having an impact on our business, our distribution partners and the broader industry.” Click here to read more

In other news:

Adviser stops scam: Saves client $60,000 - an excellent example of a vulnerable client saved by good process

FSC webinar: Get In Shape Session 5: Hear directly from the Government and regulatory leaders delivering FSLAA

FSC webinar: FSC Connect - Insights from Journalists and the Media

FSC webinar: Get In Shape Session 6: An opportunity to redesign your advice process

Cyber Smart Week

Look, we found a post about Cyber Smart Week that relates to insurance: AIA's Chief Technology Officer Shane Ohlin has put together this article showing the top 5 tips for being cyber smart. Of course, we all use technology and cloud services, and this applies to all of us anyway. In an interesting social trend,


Here are some other good resources:

  • CERT NZ have this cyber security quiz you can take to check how good your cyber security habits are; it then provides tips to improve your online safety
  • The Economist has this piece on why so many people fall for financial scams
  • The FMA has this piece on cold-callers with share scams - just to ensure that you don't fall for the idea that all scams are online



Business Owners’ Increased Use of Technology Creates New Gateways for Cyber-Criminals

As digital regeneration of business gathers pace, cyber attack risks increase.

'Connected technologies like artificial intelligence, drones, robotics or wearable sensors have the potential to be game-changers. But business owners beware, connected technologies also increase the chances of a cyber attack because they give cyber-criminals new access points if not properly protected. Research shows that 91 percent of business owners use one of these technologies, but 48 percent are unconcerned they will increase the likelihood of a cyber-attack.'

Click here to read more. Once upon a time, business premises in the real world had to be significantly hardened due to the presence of cash in almost every shop, office, and factory. Today, that risk has shifted away (excepting high-cash shops, and certain types of activity like bars) towards scams, phishing, ransomware, and more.

Boiler Rooms and Other Scams

The FMA has been warning consumers about boiler room scams, a worthy task. Apparently there has been a big increase in the number of complaints - and I guess that the number who actually complain is much smaller than the number who have been ripped off.

These scammers, confidence tricksters, or common thieves, will call you - at home, on your mobile, or contact you by email. They range from the laughably amateur, to the scarily slick. Get across it, read up a bit, have a chat to your family (including teenage kids, anyone that might actually answer the phone) and get hard: just hang up. They may call back. Hang up again!

Meanwhile, watch this guy, who gets high quality entertainment out of scams.  


Be careful! Recent phishing attacks in New Zealand

With a brief pause for thanks and a nod to fortune, I have to say that we are pretty careful in our office. So when one of the team received an email that had been made to look like it was from me, but asked for details of how much money was at hand, and whether an urgent transfer could be made today, they immediately suspected it was a con. It was brought to my attention and will feature as a good example - we like to catch people doing things right, and celebrate them - in our next team meeting. It is also a reminder that even small businesses need good processes: the way our financial management is set up, this kind of attack could not be successful; it did not rely solely on a human identifying the problem - we have systems. Systems can operate even with people being absent-minded, away, or replaced with an inexperienced person.

Cyber Insurance - You Probably Need It

There has been an incredible increase in cyber attacks in New Zealand. An inflection point has passed, with more than 100 businesses per week suffering the encryption - ransom attack. I hope that more effective countermeasures can be developed, and in the meantime suggest that you practice good general security, and read this: link