Data systems of the Reserve Bank of New Zealand have been hacked

Feroze Ashraff
December 1, 2021

Summary:

  • In January 2021, a third-party file-sharing application (a legacy Accellion file-sharing system called File Transfer Application), which is used by the Reserve Bank of New Zealand to share and store some sensitive information, has been identified as the source of the breach.
  • Governor Adrian Orr said information had been illegally accessed but the breach had been contained and the bank was treating the matter with the "highest priority and acting with urgency".
  • Dave Parry, Professor of Computer Science at Auckland University, told Radio New Zealand that another government was likely behind the bank data breach.
    “Ultimately if you were coming from a sort of like criminal perspective, the government agencies aren’t going to pay your ransom or whatever, so you’d be more interested probably coming in from a government-to-government level,” Parry said.
  • Consulting on planned changes to improve IT services including data security, the bank reported it was at "high operational risk" due to technical obsolescence and an underinvestment in security across many of its core technology platforms.
  • Several major organizations in New Zealand have been the target of cyber-attacks in the past year, including the New Zealand Stock Exchange which had its servers knocked out of public view for nearly a week in August.

As a security expert, what would you have done to protect your organization?

Spend more money and resources to create more robust:

  • Policy, processes & procedures?
  • Technical risk mitigation strategies (hardware and software) such as Firewalls, SIEMs, Antimalware, Access control mechanisms, etc.?
  • Insurance as a form of risk transference?
  • Staff training?

If this topic interest you, or if you want to pursue IT Security as a possible career path, then achieving a CompTIA Security+ certification would be my recommendation. This cert would prove that you have the knowledge and skills needed to (as a steppingstone professional qualification) start your journey in Cyber Security.