The chief security officers of Australia’s big four banks have likened combating cybersecurity attacks to playing a team sport.
“I think I’m not alone in saying that we see cyber as very much a team sport,” Commonwealth Bank of Australia CISO Keith Howard said during the virtual Cyber Live event on Wednesday.
“The competitors, from my perspective, is not [the other banks], it’s the attackers … at the end of the day, we’re stronger when we work across industry, across education, and also work across government as well.”
This joint security effort between the big four occurs regularly, according to National Australia Bank CSO Sandro Bucchianeri.
“What we typically do is we would talk about indicators of compromise and share our threat intelligence so that we can better defend ourselves because something I see at NAB, Richard may not have seen it at Westpac, or Lynwen [at ANZ] may have also seen it, so we try to compare notes essentially — and that helps us protect the wider Australian community as a whole,” he said.
Bucchianeri also emphasised the importance of having diverse skill sets to make up a strong cybersecurity team.
“Just like soccer, where you have strikers, defenders, midfielders, goalkeepers, doctors, coaches, nutritionists, and the list goes on, we are looking for new diverse talent that will help us better defend the organisation. Something that I’m personally very excited about is training visually impaired students to become cybersecurity professionals,” he said.
From ANZ CISO Lynwen Connick’s perspective, diversifying the cybersecurity sector is not only just about gender, but also bringing in people from other fields like psychology, media, and fashion.
“People come from all different walks of life, and that’s really important from a diversity point of view as well because you get that diversity of thought,” she said.
“People have had different training, different experiences coming into cybersecurity because cybersecurity is really part of everything we do, so we need all sorts of different people.”
The need to boost Australia’s cybersecurity skills comes at a time where cyber attacks are no longer synonymous with a specific sector or enterprise — rather it’s hurting all sectors. A prime example was when global meatpacker JBS last year paid $11 million in Bitcoin to cyber attackers that encrypted its files and disrupted operations in the US and Australia with ransomware.
As BT Australasia cybersecurity head Luke Barker puts it, compared to a decade ago, there was nowhere near as many targeted activities towards organisations that run operational networks, such as manufacturing, mining, energy, and water, as there are today.
“Ten years ago, I don’t think the adversaries were targeting those types of industries as much,” he said.
“Whereas I look now and most of the organisations we work with, we’re seeing a significant rise in cybercrime against organisations that run those types of environments because the impact is so big.
“If you’re having to take down an organisation’s manufacturing facility, that is the number one source of revenue, so the impact of their business and the likelihood of them potentially paying a ransom is going to be more so than say their website goes down, when their core business is manufacturing.
“We’re seeing that shift towards what’s going to create the biggest impact and where are the crown jewels for that organisation.”