APRA puts financial institutions on notice on data backup adequacy
The news: The prudential regulator has asked businesses to proactively implement strategies for data backup adequacy and to limit the risk and impact of cyber-attacks amid rising threats.
The numbers: The Australian Prudential Regulation Authority (APRA) said it had identified the use of data backups as a key area of weakness in cyber resilience practices and reminded regulated entities that the use of regular backups is one of the eight essential prioritised cyber mitigation strategies.
The regulator said it expects to share insights into common areas of weakness in coming months.
The context: APRA’s warning comes just weeks after a data outage at UniSuper, in which Google Cloud deleted the superannuation giant’s subscription and client data due to an inadvertent misconfiguration by Google staff. UniSuper was forced to restore the data from a backup, but the incident caused days of outage.
APRA’s operational resilience general manager Alison Bliss noted that while many entities have backup practices, there were common problems limiting their use, including insufficient segregation between production and backup environments, a lack of control testing coverage and rigour to ensure backups are protected from compromise, and insufficient testing of capability to recover systems and data within tolerance levels from backups.
The source: APRA