Security, honesty & the trust business

Mike Bullock

Chief Operating Officer, ANZ New Zealand

In a digital world where anything can be hacked – from a car to a pacemaker – what does it mean for those of us in the ‘trust’ business?

At its very core, banking is about trust. Banks were founded to keep people’s money safe.

We used to do this with iron bars and vaults, then sophisticated alarm systems. Today, data is the most valuable currency. Banks should think about data in the same way we thought about cash 175 years ago.

We have a good foundation for this. Security is in a bank’s DNA and it’s a powerful advantage in a world of would-be disruptors.

" It’s easy to feel helpless when it comes to cyber security yet there’s a lot we can all do to secure our information." Mike Bullock.

A major study of 30,000 millennials across eight countries by Telstra last year found 76 per cent of millennials nominated banks as the organisations they trusted most with their personal information. No other entities even came close.

But, to paraphrase Warren Buffett, it takes 20 years to build a reputation and five minutes to ruin it.

Click image to zoom Tap image to zoom

Going physical

According to Mandy Simpson, chief executive of the Cyber Toa consultancy in New Zealand, one of her biggest concerns is cyber going physical.

“We’re seeing signs of nation state cyber-attacks, such as the recent shut down of the entire national grid in the Ukraine on the stroke of midnight,” she says. “A few years ago this was sci fi, now it’s real.”

“Elon Musk has said his biggest fear is a fleetwide hack of Tesla’s autonomous cars. What happens when ransomware goes physical?” says Mandy. “It’s one thing to say your data has been hacked, give us your bitcoins but it’s quite another matter to say we’ve hacked your car and we’re going to drive it over a cliff!”

As Mandy says, we’re sharing more and more information online and cyber criminals are getting more professional – we even have stolen credit card details being sold on the dark web.

With all this talk about nation-state cyber-attacks, it’s easy to feel helpless when it comes to cyber security yet there’s a lot we can all do to secure our information.

Like many banks, ANZ NZ is working on cyber security on all fronts, with significant investment and dedicated teams of experts.

But technology is moving so fast and all companies are under pressure to continually innovate and bring the latest thing to market.

We need to ensure this need for speed doesn’t come at the expense of security and protecting customers. And we need to ensure our legacy systems don’t get left behind – we can’t afford any weak links in the chain.

The human factor

As we automate processes, we inevitably lose some of the human factor –extra sets of eyes which might spot something suspicious.

We need to account for that and look at how new technology such as Artificial Intelligence can help with this.

The guiding principle must always be protecting customers’ information. People’s personal data is a lot more valuable than they realise. We know if someone is stealing someone’s data, it’s because they want to steal their money.

We need to be all over this – understanding what data we hold and having very robust systems for using, storing, protecting and sharing data. And we need to be ruthless about it.

As a bank, ANZ is mandated to keep certain data but from a commercial perspective, do we need all the data we collect? Do we understand the possible commercial benefit of data versus the risk of it being compromised?

ANZ’s Head of Security and Tech Risk in New Zealand, Tony Arnold, rightly says banks will need to rethink their approach to managing risk.

“Generalist risk teams will need to understand technology at a much deeper level,” he says. “For example, we’ll need people who understand Artificial Intelligence technology to identify any risks with using technology.

“As a digital organisation, all of us will need to understand technology and take ownership of cyber risk.”

The conversation

We need to start to shift the conversation today - after all, trust is founded on honesty and we need to have some honest conversations.

Cyber security is a shared responsibility. Cyber criminals rely on a weak link. As a sector financial services needs to educate customers about what it means to live in a digital economy.

There is no silver bullet. It’s about building layers of protection such as requiring two points of authentication on transactions – supplementing passwords with biometrics.

We need to educate customers to understand and embrace this because they are accessing banking systems every day. As a minimum, individuals need to:

Ensure they always update their software;
Keep their antivirus and malware protection updated;
Regularly change passwords and ensure they are sufficiently strong; and
Think carefully about what matters most – for example photos – then ensure they are secured and backed up.

And while we’re doing all we can, we need individuals, companies and governments to start to confront the even bigger questions - like how do we secure people’s data by design and is the internet really fit for purpose?

Mike Bullock is Chief Operating Officer, ANZ New Zealand

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.