Cyber security ‘major focus area’ for super fund, says executive

By DALE LUMA
CYBER security is one of the major focus areas for the National Superannuation Fund (Nasfund), says chief executive officer Ian Tarutia.
“Cyber security, threats and the impact of potential attacks are always a serious risk and high on our organisation risk register in terms of monitoring and addressing matters as and when they occur,” Tarutia said.
“Nasfund’s fund administrators (Kina) have their own measures of security related to network links, systems and administered by capable technical personnel domestically and in the region.
“Administration and security of fund admin systems, including the member online web application and mobile portal, is managed by the fund administrator.
“Internally, at Nasfund, we have secure private network links to Kina systems and between headquarters and the 19 branches in PNG.”
Tarutia explained to The National that the fund’s awareness and measures on cyber security to ensure protection of its member’s information and funds. “Nasfund conducts annual penetration testing, which includes an external cyber-security firm, conducting ethical hacking of our infrastructure to ascertain vulnerabilities in our network and internet-facing systems,” he said.
“These vulnerabilities are communicated and appropriate steps are taken to address these deficiencies. Unsuspecting Nasfund staff are also a potential insider threat involuntarily, as a result of socially engineered phishing attacks; for example emails that seem genuine but contain malicious content/links.”
Tauritia said because of such threats they conduct quarterly cyber-security awareness.