Working together to fight cyber crime

There is a growing cyber security challenge for business – and indeed everyone.

State-sponsored attacks are increasing, targeting intellectual property as well as geopolitical ends. And cyber criminals are seeking to exploit vulnerable people in these difficult times.

So it is extremely timely for the Australian Government to release Australia’s Cyber Security Strategy 2020, building on the 2016 Strategy.

The Government’s vision is to create a more secure online world for Australians, their businesses and the essential services on which we all depend. It notes the scale and sophistication of threats is increasing at a time when the cyber economy is increasingly vital for Australia’s economic future.

However, the strategy depends on complementary actions by government, businesses and the community.

ANZ is certainly supportive of this initiative (and indeed I was a co-author of the 2016 strategy in my former role and it is great to see the progress that has been made). As a bank, we participated in a number of consultation sessions and made a public submission for this Strategy.

The Strategy is comprehensive with $A1.67 billion funding over 10 years and a range of sound initiatives - as well as ones included in ANZ’s submission.

Highlighted achievements of Australia’s Cyber Security Strategy 2020 are to:

  • Protect and actively defend critical infrastructure
  • Combat cyber-crime including on the dark web
  • Protect Australian government data and networks
  • Support greater collaboration to build cyber skills
  • Improve situational awareness and sharing of cyber threat intelligence
  • Strengthen cyber security partnerships including via the Joint Cyber Security Centres
  • Advise small and medium enterprises
  • Provide clear guidance about securing internet of things devices
  • Operate a 24/7 cyber security advice hotline
  • Improve community awareness of cyber security threats

All in this together

Critically though, partnerships are vital if this strategy is to be effective. The government will create an environment where everyone knows the “rules of the road” - including through legislation if necessary - to improve cyber resilience so Australia can take advantage of the opportunities of an increasingly digital economy.

It is important we have consistent and sound levels of cyber security across organisations as we are all impacted if one organisation suffers an attack - directly if we interact with that organisation or indirectly through the damage to confidence about conducting business online.

Since releasing the strategy paper, Government has already started consulting on changes to the legislative framework concerning the security of critical infrastructure.

Changes that are being proposed include bringing more entities into the framework and mechanisms for Government to provide greater assistance to entities in times of threat.

Different regulators would also play a role in setting and enforcing sector-specific standards for certain entities that are directed at common outcomes. Banks are already subject to the Australian Prudential Regulation Authority’s (APRA) information security standard CPS234.

Meanwhile, other consultation will cover reform options, including for privacy, consumer and data protection laws and duties for company directors and other business entities.

New powers

Included in the strategy funding is $A66.5 million to assist Australia’s major critical infrastructure providers to assess their networks for vulnerabilities and to enhance their cyber security posture.

There is a further $A62.3 million for a classified national situational awareness capability to better enable government to respond to cyber threats to critical infrastructure.

For the protection of business, the government will work with large organisations such as banks and internet service providers to ensure small and medium enterprises have access to cyber security in the normal course of running their business.

At ANZ, we already work to provide customer security services and education and broader awareness raising for customers and across the community through our platforms and public engagement. Far from being an impost, this work to support customers and the community is clearly aligned with ANZ’s purpose and strategy.

ANZ’s approach and initiatives

  • ANZ’s role is to secure the bank, customer information and systems from cyber-attacks and information breaches while enabling transformation and innovation.
  • ANZ aims to be an industry leader in threat intelligence capability and information sharing, regularly engaging with law enforcement, government (including the Australian Cyber Security Centre and Joint Cyber Security Centres), global peer banks and major security vendors. Our cyber security team works closely with industry and research organisations around the world to ensure we have the ability to detect, respond and recover in the event a cyber threat becomes reality.
  • Many of our cyber security team members volunteer to build community and industry cyber security awareness through speaking roles at schools, universities and community groups.
  • While technical controls are important, people are our first line of defence. Educating our employees and customers is key to fostering a security-centric culture within the bank and, more broadly, across the community. We operate a comprehensive Security Behaviours & Influence (Awareness) program that includes delivery of customer education materials encouraging four simple steps for improved cybersecurity and regular events to help our customers understand the ever-evolving threats.
  • Cyber security is everyone’s responsibility. ANZ’s educational campaigns such as ‘Protect your Virtual Valuables’ and ‘Simplifying Cyber Security’ workshops have proven successful in informing and empowering employees, customers and communities on how to play their part.
  • ANZ is actively contributing to developing talent for cybersecurity through programs like the Autism Spectrum program, virtual internships, industry-based learning and graduate programs and ongoing partnership with other banks. For example, ANZ works with the Australian Computing Academy, AustCyber and the ACSC to build cyber content for Australian school curricula. This initiative aims to close the growing gap in cyber security awareness and skills amongst Australian students.

A number of the Strategy’s initiatives involve countering cyber-crime and blocking threats. A “cleaner pipes” initiative is designed to block malicious communications (emails, SMS and phone calls) before they reach organisations and individuals.

ANZ has been working with other financial organisations and telecommunication companies over the last year to help develop a clean pipes solution. This initiative should significantly reduce malicious messages for organisations and individuals. For ANZ it will help reduce the more than 7 million emails a month we currently block.

We are also collaborating across a range of existing initiatives including increased cyber threat sharing, joint exercising of response to cyber events, and improving cyber skills.

Both from the perspective of my current role at ANZ and my previous work on the 2016 Strategy, I see this new Strategy as an extremely important development. As a partner of the Joint Cyber Security Centres we play a key role in collaborating and sharing information to improve cyber security nationally.

It’s in all of our interests.

Lynwen Connick is Chief Information Security Officer at ANZ

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.
