Some of Australia's largest superannuation funds have been targeted by a major cyber attack, with about $500,000 stolen and member data breached across thousands of accounts. An RMIT expert explains.
Professor Matthew Warren, Director of the RMIT University Centre for Cyber Security Research and Innovation (CCSRI)
"Stronger multi-factor authentication should be implemented for all customers."
"This major cyber attack clearly highlights the weak authentication measures implemented by the Australian superannuation industry."
"Multi-factor authentication significantly enhances cyber security by requiring multiple forms of verification to access systems or accounts, such as using a code generator to generate a unique code or entering a texted code."
"The financial service council last year released a mandatory standard to ensure multi-factor authentication is implemented for customers by July 2026. The same standard also describes alternatives like biometrics and one-time passwords."
"However, superannuation funds can allow customers to opt out of multi-factor authentication in cases where, in the superannuation fund's opinion, the use of multi-factor authentication is unduly onerous. Stronger multi-factor authentication should be implemented for every customer, with no exception."
Professor Matthew Warren is director of the RMIT University Centre for Cyber Security Research and Innovation. He is an expert in cyber security and computer ethics.
***