Data systems of the Reserve Bank of New Zealand have been hacked

February 12, 2021
Author: Feroze Ashraff
Summary:

  • In January 2021, a third-party file-sharing application (a legacy Accellion file-sharing system called File Transfer Application), which is used by the Reserve Bank of New Zealand to share and store some sensitive information, has been identified as the source of the breach.

  • Governor Adrian Orr said information had been illegally accessed but the breach had been contained and the bank was treating the matter with the "highest priority and acting with urgency".

  • Dave Parry, Professor of Computer Science at Auckland University, told Radio New Zealand that another government was likely behind the bank data breach.
    “Ultimately if you were coming from a sort of like criminal perspective, the government agencies aren’t going to pay your ransom or whatever, so you’d be more interested probably coming in from a government-to-government level,” Parry said.

  • Consulting on planned changes to improve IT services including data security, the bank reported it was at "high operational risk" due to technical obsolescence and an underinvestment in security across many of its core technology platforms.

  • Several major organizations in New Zealand have been the target of cyber-attacks in the past year, including the New Zealand Stock Exchange which had its servers knocked out of public view for nearly a week in August.

As a security expert, what would you have done to protect your organization?

Spend more money and resources to create more robust:

  • Policy, processes & procedures?
  • Technical risk mitigation strategies (hardware and software) such as Firewalls, SIEMs, Antimalware, Access control mechanisms, etc.?
  • Insurance as a form of risk transference?
  • Staff training?

Which solution would you choose if you had a limited budget? Which solution would give the best Return on Investment (ROI)?

If this topic interest you, or if you want to pursue IT Security as a possible career path, then achieving a CompTIA Security+ certification would be my recommendation. This cert would prove that you have the knowledge and skills needed to (as a steppingstone professional qualification) start your journey in Cyber Security.  


References

  • Frost, J. (2021, January 11). New Zealand central bank investigating hacking incident. Retrieved from Financial Review: https://www.afr.com/companies/financial-services/rbnz-hacked-systems-offline-20210111-p56t5h
  • Pointon, N. (2021, January 11). Reserve Bank of New Zealand says it wasn't directly targeted in cyber attack. Retrieved from RNZ: https://www.rnz.co.nz/news/business/434359/reserve-bank-of-new-zealand-says-it-wasn-t-directly-targeted-in-cyber-attack
  • RNZ. (2021, January 11). Reserve Bank likely hacked by another government - expert. Retrieved from Stuff: https://www.stuff.co.nz/national/300202036/reserve-bank-likely-hacked-by-another-government--expert

Looking for something specific or in need of tailored training solutions for your business? Get in touch with us today!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.