APRA shares further insights on common cyber control weaknesses
The Australian Prudential Regulation Authority (APRA) has written to all regulated entities to provide further insights and guidance on common cyber control weaknesses. This letter is part of APRA's ongoing commitment to supervising cyber resilience across industry, and follows the previous letter on the security and adequacy of back-ups.
The letter details the common issues observed in terms of security in configuration management, privileged access management and security testing. APRA expects regulated entities to review their control environment against these common weaknesses and address any identified gaps promptly.
The letter, "Additional insights on common cyber resilience weaknesses", is available on the APRA website.
The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, mutuals, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding around $9 trillion in assets for Australian depositors, policyholders and superannuation fund members.