Locking down cyber threats

These increasingly sophisticated attacks against key infrastructure also come in the midst of a pandemic. So what is it about the combination of these two phenomenon that make the threat all the more dangerous for companies and customers alike?

"The bank’s systems are blocking 12 million malicious emails a month… more than triple the amount of emails we were blocking before the pandemic began.”

Sadly, the answer is as simple as people being more vulnerable as a result of the COVID-19 pandemic. The perpetrators of these attacks prey on people’s vulnerabilities. The reality is many customers could now be convinced to click on an email link that wouldn’t normally fool them.

Think of an official looking communication from a health department claiming to have details on the latest outbreak or new exposure sites in your area. That could easily tempt someone to click quickly, without giving it the consideration they normally would.

We are seeing hard evidence of this in real time at ANZ. We are blocking more than 500,000 scam emails a month that are specifically COVID-related and some of them are becoming very sophisticated and professional. It’s a perfect example of cyber criminals preying on people's vulnerabilities in a time of crisis.

The overall threat is even larger. The bank’s systems are blocking 12 million malicious emails a month - a staggering figure. It’s more than triple the amount of emails we were blocking before the pandemic began.

So how can a bank, or any company for that matter, defend against such an evolving enemy?

Investing in security

Australian banks have a long history of security. It’s in our nature and something we take very seriously, always have. Historically it was more about iron bars, protective screens and shotguns for branch managers. But increasingly it’s software, servers and engineers.

ANZ spends more than $A150 million each year on specific security capabilities, including a 24/7 security operation centre that’s always looking for malicious activity on our network and ensuring we stay protected.

As a large organisation, we invest heavily in this area and, when other associated costs are taken into account, the overall spend is far larger. We have continued to build a very sophisticated cyber security protection capability as more and more of our work has moved online. And because the threat is increasing all the time, we continue to update our capability based on its changing nature.

Ideally we block malicious emails with attachments that might include ransomware before they get into our organisation. But if not, we need to detect problems and respond to them before any damage is done.

So what sort of protective measures can we as a bank deploy to ensure we achieve that goal? No one mitigation strategy or security capability will protect you from every attack. That's where it’s important to build out a number of protections. And that’s where our staff and customers come in.

Making a pact

It’s integral to our response that our people are empowered to make the right decision by calling out a suspicious message when they see it. We do a lot of work to train our staff to make sure they're able to detect activity that might be malicious on our network - essentially anything that just doesn't feel right to them.

This includes phishing simulation exercises where we send questionable emails to staff and exercise how they respond. There is also an annual training requirement for all staff which is updated each year to highlight the sorts of things to watch out for.

We also undertake extensive education for our customers to make them aware of the dangers of cyber-attacks and scams in their own organisation. We know keeping them safe will also keep us safe.

One awareness program we promote is called PACT:

• P asks customers to pause, if they’ve received something suspicious like being asked to click on a link.
• A is to activate two-factor authentication to boost security levels.
• C is to call out any suspicious activity.
• T is turning on automatic updates on your devices to ensure the most recent version of the software.

Another form of protection is cooperating with our counterparts, governments and associated entities around the world. Sharing information means other organisations are better prepared for the next attack. This kind of collaboration is vital to ensuring we’re all prepared.

Preparation can obviously help but the ever evolving threat proves we must remain vigilant. By investing in our security, educating our people and customers and collaborating with partners and government agencies we can help steer through the threat of both cyber-attacks and a global pandemic.

Lynwen Connick is Chief Information Security Officer at ANZ