As a leading cyber security firm we’ve been closely following the latest cyber attack directed at NGS Super, a significant Australian superannuation fund. In our opinion, this incident shows a growing challenge that all organisations face – not just the financial industry. Organisations across Australia are experiencing serious cyber threats and attacks. Schools are a potential target as is any other organisation. The threat of cyber attacks is even amplified within schools because communities are comprised of staff, students and parents. In this particular incident, schools specifically are at increased risk of Phishing with NGS being the major super fund for school staff. There will be many individuals who’ve had their personal details breached. This incident highlights the urgent need for strong Cybersecurity measures to be put in place within schools. This recent attack is a reminder of the risks that IT systems and Cybersecurity present to schools.
All Organisations Are At Risk Of Cyber Attacks
A day before NGS’s disclosure of the cyber attack, Crown Resorts stated it was investigating a potential data breach and Latitude Financial confirmed that the data of millions of past and present customers was stolen in a cyber attack on March 16, 2023. These events follow several other cyber security breaches in recent months, including Rio Tinto, Medibank and Optus. All industries and organisations are at risk of cyber attacks, including schools.
The Effect on Individuals and Schools
From the information that’s currently accessible about the NGS Super cyber attack, it appears that the attackers were able to obtain illegal access to private information that belonged to the members of NGS Super. Personal data including names, addresses, dates of birth, and other sensitive information may be included in this data. The attackers likely gained access to financial data and account information. NGS members will need to exercise caution with their personal accounts and look out for suspicious activity.
Data would not only be leveraged by hackers to attack individuals but also schools. NGS Super, as a sponsor of the Association of School Business Administrators, would have records of finance and business contacts of each independent school. These schools are key stakeholders for NGS Super and its clients.
NGS Super has issued a notice to “be alert to all communications and transactions and stay vigilant to any phishing scams that may come to you by phone, post or email”. The NGS cyber attack demonstrates not only the possible financial harm to individuals and schools but the potential harm to an organisation’s reputation. Consumers may well stop trusting the distressed company which could have long-term repercussions for business.
What We Can Learn From the NGS Attack In Schools
In educational settings, IT and cyber risk are often not universally understood. Cyber risk, in particular, is almost always under-reported and schools overestimate their ability to put appropriate controls in place to reduce the resultant risk.
In addition, IT staff tend to have less of an appreciation of the business significance of cyber security. More often than not, IT sees cyber security as a box to tick and will adopt a simple tool-based response rather than taking a strategic approach that gives confidence to school executives. When we see the impact of cyber attacks in other industries it brings the message home that Cybersecurity for schools is critical. It also allows us to see how in schools we’re interconnected with other organisations with large communities of staff, students and parents.
In education, we can learn the necessity of preventative measures to safeguard schools from online dangers such as hackers and cyber attacks. As a cyber security business, we firmly advise all enterprises to use strong security measures like firewalls, intrusion detection systems and data encryption. Frequent security audits and penetration tests can also aid in finding vulnerabilities before attackers can use them. While prevention is always better than a cure the growing number of attacks and the increased risk after NGS means that schools should have a tested Cybersecurity incident response and recovery plan. Aligning with the NIST Cybersecurity Framework and working with a specialist partner is a great starting point here.
The cyber attack on NGS Super serves as a sobering reminder of the necessity of putting in place strong Cybersecurity measures in any industry. NGS Super who is a platinum-rated Industry SuperFund for teachers were not immune to a severe cyber attack. The hackers would’ve gained access to considerable sensitive financial and employment information about schools and their staff, and as such schools should be alert to increased weaponisation of this information in future cyber and identity attacks.
As a cyber security firm, we’re prepared to help schools defend themselves from these dangers and lessen the possible effects of a cyber attack. If you’re a previous or current NGS Super customer who might’ve been impacted and need assistance with how you should respond to the cyber attack, contact us at firstname.lastname@example.org.