Super Funds Under Attack: Cbus Acknowledges Targeted Cyber Activity

Cbus, an Australian superannuation fund, has reported that it is the latest financial institution to face a surge of unusual cyber activity, stating an “uncharacteristically high rise in log-in attempts” that led to multi-factor authentication (MFA) prompts for several users. Although this harmful activity has not been linked to a known breach yet, it has heightened fears about the cybersecurity resilience of the nation’s super sector.

Cbus indicated that a “small number of accounts might have been affected” and were swiftly deactivated as a precautionary measure. Affected members are currently contacted as part of the fund’s action plan. This attack followed closely after similar reports from other major funds, raising concerns about a potential coordinated attack against Australia’s superannuation sector.

Numerous Super Funds Facing Ongoing Cybersecurity Threats

Cbus is not isolated in confronting this risk. AustralianSuper, Rest Super, and Insignia Financial have all reported relevant cyber activity. Insignia confirmed one of its platforms used by financial advisers was specifically targeted. Each fund has released statements acknowledging these incidents, however, the extent and origin of the threats are still under investigation.

Both the Australian Prudential Regulation Authority (APRA) and the Australian Cyber Security Centre (ACSC) have been informed and are likely to assist in coordinating the sector’s response. These attacks emerge amid rising global cyber threats in the financial sector, coinciding with increasing geopolitical tensions and sophisticated cybercrime groups targeting personal and financial data.

Market Instability Amplifies Member Worries

Compounding the situation is the timing of the attacks, which have coincided with substantial volatility in global financial markets. Cbus and other funds have seen a spike in member inquiries, particularly related to unexpected changes in account balances. The funds have promptly clarified that in most instances, these fluctuations are likely attributable to market dynamics rather than fraudulent actions.

AustralianSuper’s public advisory encouraged members to stay calm, noting, “If you notice a decrease in your account balance that you didn’t anticipate, this doesn’t necessarily indicate fraudulent or suspicious activity on your account.” The fund stressed that market fluctuations are a normal aspect of long-term investing, especially during times of international economic turbulence.

Security Strategies and Member Assurance

All affected super funds have adopted multi-factor authentication measures and are actively observing for any further suspicious activities. Cbus has pointed out that the surge in log-in activity coincided with increased member engagement, which may be tied to market apprehensions rather than a widespread breach.

In an effort to reassure members, AustralianSuper’s Chief Technology Officer Mike Backeberg shared a video outlining the fund’s cybersecurity measures and ongoing investigations. It’s evident that transparency and member communication are priorities in the sector’s response.

The Wider Threat to Australia’s Financial System

The recent series of cyber incidents targeting superannuation funds highlights broader vulnerabilities within Australia’s financial framework. According to the ACSC’s Cyber Threat Report 2022–23, there was a 23% rise in reported cybercrime impacting financial services nationwide. Threat actors are increasingly exploiting stolen credentials, phishing schemes, and botnets to infiltrate secured systems.

Industry professionals suggest that funds should invest more significantly in threat detection, endpoint security, and member education to mitigate the risk of security breaches. Additionally, superannuation members are encouraged to activate MFA, use robust passwords, and remain cautious about phishing emails or SMS impersonations.

Conclusion

Australia’s superannuation industry is under increased cybersecurity threats amidst a coordinated series of suspicious log-in attempts. Cbus is the latest fund to acknowledge a targeted incident, joining AustralianSuper, Rest Super, and Insignia Financial. While it seems only a few accounts were affected, these events raise significant concerns about the sector’s digital resilience. Members are urged to remain calm regarding market-related balance changes and to adhere to best practices in securing their accounts.

Q: What precisely happened at Cbus?

A:

Cbus recorded an unusual spike in log-in attempts, which prompted multi-factor authentication for certain users. A small number of accounts might have been compromised and were proactively deactivated.

Q: Are other super funds facing similar challenges?

A:

Yes. AustralianSuper, Rest Super, and Insignia Financial have all acknowledged related incidents. Investigations are ongoing to ascertain whether the attacks are coordinated.

Q: Is my super balance at risk?

A:

Most balance changes are likely related to global market volatility. Funds have clarified that these are not necessarily the result of cyber breaches. However, members should continue to monitor their accounts regularly.

Q: What should members do if they suspect unusual activity?

A:

Members should reach out to their super fund immediately, review recent account transactions, and change their password. Activating multi-factor authentication is also strongly recommended.

Q: How are the funds responding to the threat?

A:

Funds are collaborating with cybersecurity specialists and government agencies. They have initiated further monitoring and enhanced communication to reassure members.

Q: Could the incidents be associated with stolen credentials?

A:

It’s a possibility. Cybercriminals frequently utilize stolen log-in information obtained from unrelated breaches or phishing attacks to try to gain access to financial platforms.

Q: Are the attacks still ongoing?

A:

Investigations continue. While the initial influx has been addressed, the changing landscape of cyber threats keeps funds on high alert.

Q: Where can I find more information?

A:

Visit your super fund’s official website or TechBest (techbest.com.au) for ongoing news and updates on cybersecurity.

Quick Read: Key Insights

• Laing O’Rourke Australia has adopted AI solutions to transform existing training material into video formats.
• The centralized platform, LOR Learn, offers customized, role-specific education for over 700 staff members.
• AI-driven video scripting is cutting learning expenses while enhancing reach and involvement.
• AI learning pathways are the most sought-after modules on the platform.
• Plans for the future include aligning education with career growth and digitalizing career resources.

AI-Driven Learning Revolution at Laing O’Rourke Australia

Laing O’Rourke Australia, a premier construction and engineering firm in the country, is revolutionizing its employee training approach using artificial intelligence (AI). With their cutting-edge learning platform, LOR Learn, the organization is providing individualized, role-specific education to its workforce of over 700 individuals — all while significantly lowering training costs and enhancing accessibility.

The Introduction of LOR Learn

Launched in 2022, LOR Learn serves as a centralized digital learning platform aimed at making professional development accessible across all sectors. Employees have the opportunity to explore a variety of learning modules designed specifically for their job roles and career goals. This initiative not only offers training but also provides a strategic roadmap for professional advancement, making learning more pertinent and effective.

Helen Fraser, Director of People at Laing O’Rourke Australia, mentioned that the platform is reaching a wider audience than ever, utilizing only a small portion of the prior training budget. This efficiency is largely attributed to the incorporation of AI technology into the creation of educational content.

AI at the Forefront of Content Creation

Conventionally, training video scripts required substantial manual input from subject matter experts or instructional designers. However, Laing O’Rourke now employs three distinct AI tools to automate the transformation of existing resources — including text documents and presentations — into engaging video materials. These AI tools facilitate scripting, formatting, and even voiceovers or animations, allowing for rapid deployment of content.

“We utilize three different AI tools to develop learning programs by converting current content into videos,” Fraser elaborated. This transition not only accelerates production time but also ensures that the content is current, relevant, and easily digestible for employees across various functions.

Learning About AI via AI

Notably, one of the most popular offerings on LOR Learn is an educational pathway centered around artificial intelligence itself. This module provides staff with insights into various AI tools and their effective application in daily tasks. It also outlines the company’s wider strategy regarding AI integration.

“It’s been the most sought-after learning pathway,” Fraser commented. “It aids individuals in understanding how to use these tools more effectively and how they can assist in their roles.”

Digitalizing Career Pathways

As they look forward, Laing O’Rourke intends to enhance LOR Learn by closely aligning learning modules with established career pathways. The ambition is to digitalize what Fraser describes as “career toolkits.” For example, an engineering professional could pursue a structured development route from site engineer to project engineer and finally to project manager, with LOR Learn supplying tailored educational content suitable for each phase.

“Our goal is to truly connect it with individuals’ jobs,” Fraser stated. “It’s about integrating the entire employee lifecycle. LOR Learn will serve as the platform that comprehends your role, your objectives, and delivers what is necessary for your growth.”

Wider Implications for the Australian Workforce

Laing O’Rourke’s adoption of AI-enhanced learning signifies a larger movement throughout Australia, where sectors are embracing digital transformation to overcome skill shortages and enhance workforce flexibility. A 2023 report from the Australian Industry Group indicates that more than 75% of Australian firms are actively investing in digital educational technologies to ensure a robust workforce for the future.

By infusing AI into training and development, Laing O’Rourke is establishing a standard for how construction and engineering companies can modernize training delivery, maximize returns on investment, and empower their workforce with essential skills for success in a rapidly changing industry.

Conclusion

Laing O’Rourke Australia is harnessing the power of artificial intelligence to revolutionize its training methods for employees. Through the LOR Learn portal, the organization provides personalized, AI-generated learning pathways tailored to job roles and career ambitions. This strategy has dramatically lowered costs while elevating employee engagement. With aspirations to further align education with career advancement and integrate AI training, Laing O’Rourke is paving the way for digital workforce development within the construction industry.

Q: What is LOR Learn?

A:

LOR Learn is the centralized digital learning platform of Laing O’Rourke Australia, offering customized, role-specific training modules to aid employee growth and career progression.

Q: How is AI utilized in employee training at Laing O’Rourke?

A:

AI tools are employed to convert existing documents, presentations, and training materials into video formats. These tools facilitate quick scripting and formatting, simplifying the process of updating and disseminating educational programs.

Q: What advantages does AI provide for training content?

A:

AI significantly minimizes the time and costs involved in creating educational materials. It also guarantees that content is leveled, scalable, and engaging for employees across diverse roles and locations.

Q: Why is the AI learning pathway the top choice on LOR Learn?

A:

Employees are eager to grasp how AI tools can enhance their work processes. The popularity is likely a result of the practical uses of AI in everyday tasks and the broader fascination with how AI is influencing the future of employment.

Q: How does LOR Learn facilitate career development?

A:

The platform provides structured learning pathways aligned with specific job functions. For example, engineers may follow guided modules that assist them in advancing from junior to senior roles, with LOR Learn recommending training resources suitable for each step.

Q: What are Laing O’Rourke’s future plans for LOR Learn?

A:

The organization aims to further digitalize its career toolkits and better integrate learning with individual career trajectories. This includes utilizing LOR Learn to proactively suggest relevant content based on an employee’s role, objectives, and performance metrics.

Q: How does this initiative compare to industry trends in Australia?

A:

Laing O’Rourke’s implementation of AI in training corresponds with wider efforts nationally to digitize education. Numerous Australian businesses are adopting similar technologies to address skill shortages and enhance workforce agility.

ASIC Enhances Cybersecurity Framework with CISO Appointment

The Australian Securities and Investments Commission (ASIC) has appointed Jamie Norton to the position of Chief Information Security Officer (CISO) as part of its commitment to strengthening its digital and cybersecurity infrastructure. This transition comes after a strategic evaluation that led to the reclassification of the CISO role as a senior executive leader position, highlighting the critical nature of cybersecurity in the realm of financial regulation and public governance.

Jamie Norton, ASIC

Jamie Norton Brings Extensive Cybersecurity Knowledge

Norton’s induction signifies a crucial turning point for ASIC. He arrives with extensive expertise, having recently worked as a partner at McGrathNicol, a firm specializing in advisory and restructuring. Prior to this, he served as the CISO at the Australian Taxation Office (ATO) from 2018 to 2021, where he played a key role in establishing advanced cybersecurity measures and overseeing substantial digital infrastructure.

Furthermore, Norton has occupied high-ranking positions at NEC Australia and global cybersecurity firm Check Point, providing him with a comprehensive perspective on the cybersecurity challenges faced by both the government and private sectors.

Reclassification Highlights ASIC’s Cybersecurity Goals

The reclassification of the CISO role to a senior executive level emphasizes ASIC’s acknowledgment of cybersecurity as a vital function. During the recruitment process, ASIC stated that this adjustment “illustrates the significance ASIC assigns to the CISO role, especially as we progress in our goal to become a data-driven, digitally capable regulator.”

This decision is in line with broader movements within the Australian public sector, where agencies are increasingly elevating cybersecurity leadership to executive levels in light of escalating threats and public concerns stemming from major data breaches in recent times.

Organizational Shifts Indicate a New Chapter for ASIC

Norton’s appointment follows another important leadership shift at ASIC. In February, the previous Chief Data and Analytics Officer, Darshil Mehta, left after five years to join King & Wood Mallesons. The consecutive changes signal that ASIC is undergoing a significant overhaul of its digital leadership, with a refreshed concentration on technology, security, and data analytics.

These modifications are likely components of ASIC’s comprehensive strategy aimed at improving its regulatory efficiency and resilience in an ever-changing financial and technological environment.

Cybersecurity Gains Prominence in Government Agencies

The elevation of the CISO position at ASIC reflects a larger trend seen across government bodies at both federal and state levels. Following significant cybersecurity events affecting organizations like Optus and Medibank, there has been a focused effort to elevate the cyber maturity of the public sector. The Australian Cyber Security Strategy 2023–2030 articulates an aspiration for Australia to emerge as the most cyber secure nation by 2030. ASIC and similar agencies are anticipated to play a crucial role in this national directive, both as regulators and exemplars of cyber resilience.

With Norton in charge, ASIC is poised not only to safeguard its own digital infrastructure but also to shape the cybersecurity practices of the financial sector through its regulatory oversight.

Summary

Jamie Norton’s selection as ASIC’s new Chief Information Security Officer signifies a strategic advancement towards strengthened cybersecurity governance within the commission. With a background that spans both public and private sectors—including his tenure at the ATO, McGrathNicol, and NEC Australia—Norton’s proficiency will be critical in steering ASIC through its digital evolution. The elevation of the CISO role to senior executive status underscores the regulator’s dedication to cybersecurity as a primary focus, aligning with national initiatives to bolster cyber resilience across Australian organizations.

Q: Why did ASIC change the classification of the CISO role?

A:

ASIC redefined the CISO role to that of a senior executive leader to signify the increasing significance of cybersecurity in its functions and regulatory duties. This adjustment ensures that the role possesses greater strategic impact and aligns with the organization’s digital transformation objectives.

Q: Who is Jamie Norton, and what are his qualifications?

A:

Jamie Norton is a well-regarded cybersecurity professional with vast experience in both the public and private sectors. Before assuming his role at ASIC, he worked as a partner at McGrathNicol and served as CISO at the Australian Taxation Office. He has also held senior positions at NEC Australia and Check Point.

Q: What implications does this appointment have for ASIC’s cybersecurity strategy?

A:

Norton’s onboarding signals a reinforced emphasis on cybersecurity at ASIC. As the CISO, he will oversee the enhancement of the organization’s cyber capabilities, support regulatory efforts, and contribute to national cyber resilience initiatives.

Q: How is this development consistent with wider public sector cybersecurity trends?

A:

This initiative aligns with a general trend among Australian government entities to elevate cybersecurity leadership due to rising cyber threats. It represents a strategic shift to approach cybersecurity as a matter of executive-level importance.

Q: What other leadership changes have taken place at ASIC recently?

A:

In addition to Norton’s appointment, ASIC’s Chief Data and Analytics Officer, Darshil Mehta, recently departed the agency after five years to join King & Wood Mallesons. These transitions indicate a wider reorganization of ASIC’s digital leadership.

Q: How will Norton’s experience in both private and public sectors benefit ASIC?

A:

Norton’s diverse experience equips him with a profound comprehension of cybersecurity from both operational and strategic angles. His ability to connect government compliance with private sector innovation is expected to enhance ASIC’s cybersecurity capacity.

Q: What are ASIC’s broader ambitions as a regulator in a digital landscape?

A:

ASIC aspires to evolve into a data-driven, digitally proficient regulator capable of proactively monitoring and mitigating risks within Australia’s financial systems. Fortifying its cybersecurity framework is a foundational component of this evolution.