For me, if there’s one thing that has long typified the battle against cybercriminals it’s a The Far Side cartoon.
You know – the one where a pioneer under siege inside the circled wagons asks his partner: “Hey they are lighting their arrows. Are they allowed to do that?”
The answer, while obvious, doesn’t bode well for those in the wagon: “Yeah they can do that – they can do whatever they want...they are criminals. They don’t need to observe the rules.”
For the cybersecurity community, we’ve faced a similar situation for more than a decade. If you believe the media, things have actually been pretty bad for even longer. It was 18 years ago that a paper carried the headline: “Hackers can turn your computer into a bomb and blow your family to smithereens!”
Yet before hurling your computer out the window, remember that the same journalists also wrote around the same time that a World War 2 bomber had been found on the moon, seemingly by blasting into orbit with enough fuel to land 238,000 miles away.
Hmmm.
What is true is that in the past 18 years, computer enabled attacks on real word infrastructure – such as attacks on power grids and “Triton” malware taking out industrial safety systems – have been successful and the rate of attacks increasing. For us as a bank, there’s also been a concerning increase in malicious activity by cybercriminals and other threat actors.
But it’s systemic and affects us all.
The good news? Well, we have a common enemy. And to win, only a coordinated defence makes sense.
Yes, we all come from different organisations with different drivers and goals. But at the end of the day, the same attacks are focused on all of our organisations – they aren’t just targeting banks or governments. My customer is your customer, who is your supplier, who is your investor, who is your brother or sister. They just want money or personal information to convert to money, and they don’t necessarily care where they get it from. We’re all in it together.
We learned this in financial services more than a decade ago when we collectively saw our customers getting targeted by the same phishing attacks from the same threat actors. Around 2007, grass roots collaboration led to the formation of the Interbank Forums to help shape and drive our knowledge of the threat landscape and how to best respond.
The interbank, which meets regularly, is based on trusted peer relationships and allows cyber analysts to share actionable intelligence. We have learned through this that security is not a competitive advantage, and that sharing intel and lessons learned can only strengthen the overall ecosystem and help make it harder on attackers.
The thing about collaboration is that it has a tendency to become self-perpetuating. The Interbank forum has enabled the financial services industry to more meaningfully collaborate with other forums, both local and international, such as the Financial Services Information Sharing and Analysis Center, the UK's Computer Emergency Response Team and the Australian Federal Police.
Five years ago, there were maybe 10 chief information security officers in Australia and I could name them all. Today, there are maybe 40 CISOs and the number is growing. The recent establishment of the CISO Lens forum is a notable development, enabling improved sharing of actionable intelligence across cybersecurity functions across larger companies in different industries.
Kudos to James Turner from Intelligent Business Research Services for building up this network of white-hats through persistence, passion and sheer goodwill.
Positively, there are some other really exciting additional developments ahead on this front.
One is The Joint Cyber Security Centre (JCSC) partnership between business, government, academia and other key partners to enhance collaboration on cyber security without needing security clearances and travel to The Australian Cyber Security Centre headquarters.
The Hon Victor Dominello, Minister for Finance, Services and Property, speaks at the launch. (Emma Foster)
JCSC’s are being set up in capital cities – Sydney’s was launched yesterday – as hubs for cyber specialists from ALL industries and ALL government/ law enforcement agencies to work together to develop a common understanding of threat actors, attack vectors and mitigation techniques. They will foster sharing of cyber research and countermeasures, including Westpac working with small to medium enterprises who do not have the same scale for the mutual benefit of the entire ecosystem.
But it’s people who play a critical role as the first line of co-ordinated defence.
A major challenge, however, is finding new ways of bringing in talent to match the incredibly high demand for cyber security professionals. At Westpac, we’ve had great success building a pipeline through co-op scholarships for University of NSW and UTS students in a particular degree/discipline who spend six months working with us.
Half of my senior managers have come up from these programs. And it’s not just people with traditional technology degrees – hiring for interest and passion rather than just strict technical aptitude is a great opportunity for cyber security. This is exactly what we’ve found through the “WithYouWithMe” Cyber Military Training Program, which launched in 2017 to build a cohort of highly skilled candidates to fill the labour gap in the Australian cyber industry due to the many parallels between cyber security and national security interests in the digital age.
Like never before, Australia is well placed to collaboratively drive improvements in technology innovation in cyber security. It’s great to see more start-ups emerging, such as Kasada, which has received an investment by Westpac-backed venture capital firm Reinventure.
But there’s more work to do in establishing the local industry. And working together is the only option.
Westpac's Group Chief Information Security Officer, Richard Johnson joined the bank in 2000. In this role, and his previous position as Head of Technical Security Services for the Group, he has led the information security strategy, delivery and governance. Prior to joining the Westpac Group, Richard held roles as Head of Technology Audit at Woolworths Limited, Technology Audit Manager at BT Financial Group, and in Computer Risk Management at Arthur Andersen. In addition to his academic credentials, Richard has a number of professional security qualifications including CISA, CISM, CISSP, CRISC, SCF, and ACP.
{"topicSelector":[{"tagId":"newsroom:topics/economy","name":"economy","description":"Explore more Economy insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Economy","url":"/news/topic.economy/"},{"tagId":"newsroom:topics/banking","name":"banking","description":"Explore more Banking insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Banking","url":"/news/topic.banking/"},{"tagId":"newsroom:topics/digital","name":"digital","description":"Explore more Digital insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Digital","url":"/news/topic.digital/"},{"tagId":"newsroom:topics/diversity","name":"diversity","description":"Explore more Diversity insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Diversity","url":"/news/topic.diversity/"},{"tagId":"newsroom:topics/community","name":"community","description":"Explore more community insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Community","url":"/news/topic.community/"},{"tagId":"newsroom:topics/workplace","name":"workplace","description":"Explore more workplace insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Workplace","url":"/news/topic.workplace/"},{"tagId":"newsroom:topics/sustainability","name":"sustainability","description":"Explore more sustainability insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Sustainability","url":"/news/topic.sustainability/"},{"tagId":"newsroom:topics/technology","name":"technology","description":"Explore more Technology insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Technology","url":"/news/topic.technology/"},{"tagId":"newsroom:topics/property","name":"property","description":"Explore more Property insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Property","url":"/news/topic.property/"},{"tagId":"newsroom:topics/westpac","name":"westpac","description":"Stories featuring Westpac corporate news.","title":"Westpac","url":"/news/topic.westpac/"},{"tagId":"newsroom:topics/sme","name":"sme","description":"Explore more Small Medium Enterprise insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"SME","url":"/news/topic.sme/"},{"tagId":"newsroom:topics/innovators","name":"innovators","description":"Explore more Innovators insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Innovators","url":"/news/topic.innovators/"},{"tagId":"newsroom:topics/leadership","name":"leadership","description":"Explore more Leadership insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Leadership","url":"/news/topic.leadership/"},{"tagId":"newsroom:topics/covid19","name":"covid19","description":"Stories influenced by the COVID-19 pandemic.","title":"COVID-19","url":"/news/topic.covid19/"},{"tagId":"newsroom:topics/investing","name":"investing","description":"Explore more Innovators insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Investing","url":"/news/topic.investing/"},{"tagId":"newsroom:topics/startups","name":"startups","description":"Explore more Startups insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Startups","url":"/news/topic.startups/"},{"tagId":"newsroom:topics/personalfinance","name":"personalfinance","description":"Explore more insights about personal finance, financial literacy and financial wellbeing. ","title":"Personal finance","url":"/news/topic.personalfinance/"},{"tagId":"newsroom:topics/agribusiness","name":"agribusiness","description":"Explore more Agribusiness insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Agribusiness","url":"/news/topic.agribusiness/"},{"tagId":"newsroom:topics/scams","name":"scams","description":"Stories about the latest cyber scams news and trends. ","title":"Scams","url":"/news/topic.scams/"},{"tagId":"newsroom:topics/billsbites","name":"billsbites","description":"Explore more insights from Bill Evans at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Bill\u0027s Bites","url":"/news/topic.billsbites/"},{"tagId":"newsroom:topics/data","name":"data","description":"Explore more data insights at Westpac Wire.","title":"Data","url":"/news/topic.data/"},{"tagId":"newsroom:topics/environment","name":"environment","description":"Explore more Environment insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Environment","url":"/news/topic.environment/"},{"tagId":"newsroom:topics/payments","name":"payments","description":"Explore more Payments insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Payments","url":"/news/topic.payments/"},{"tagId":"newsroom:topics/fintech","name":"fintech","description":"Explore more Fintech insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Fintech","url":"/news/topic.fintech/"},{"tagId":"newsroom:topics/politics","name":"politics","description":"Explore more Politics insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Politics","url":"/news/topic.politics/"},{"tagId":"newsroom:topics/career","name":"career","description":"Stories providing career insights, tips and trends.","title":"Career","url":"/news/topic.career/"},{"tagId":"newsroom:topics/social-enterprise","name":"social-enterprise","description":"Stories relevant to or featuring social enterprises.","title":"Social enterprise","url":"/news/topic.social-enterprise/"},{"tagId":"newsroom:topics/indigenous","name":"indigenous","description":"Explore more indigenous insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Indigenous","url":"/news/topic.indigenous/"},{"tagId":"newsroom:topics/regulation","name":"regulation","description":"Explore more Regulation insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Regulation","url":"/news/topic.regulation/"},{"tagId":"newsroom:topics/wellbeing","name":"wellbeing","description":"Stories featuring wellbeing trends, insights and stories.","title":"Wellbeing","url":"/news/topic.wellbeing/"},{"tagId":"newsroom:topics/superannuation","name":"superannuation","description":"Explore more Superannuation insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Superannuation","url":"/news/topic.superannuation/"},{"tagId":"newsroom:topics/westpac-scholars","name":"westpac-scholars","description":"Stories featuring Westpac Scholars. ","title":"Westpac Scholars","url":"/news/topic.westpac-scholars/"},{"tagId":"newsroom:topics/reinventure","name":"reinventure","description":"Explore more Reinventure insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Reinventure","url":"/news/topic.reinventure/"},{"tagId":"newsroom:topics/asia","name":"asia","description":"Explore more Asia insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Asia","url":"/news/topic.asia/"},{"tagId":"newsroom:topics/podcast","name":"podcast","description":"Explore Westpac Wire\u0027s podcast series.","title":"Podcast","url":"/news/topic.podcast/"},{"tagId":"newsroom:topics/history","name":"history","description":"Stories unearthed from Westpac\u0027s private archival collection. ","title":"History","url":"/news/topic.history/"},{"tagId":"newsroom:topics/businesses-of-tomorrow","name":"businesses-of-tomorrow","description":"Stories featuring Westpac Businesses of Tomorrow program winners. ","title":"Westpac Businesses of Tomorrow","url":"/news/topic.businesses-of-tomorrow/"},{"tagId":"newsroom:topics/tax","name":"tax","description":"Explore more tax insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Tax","url":"/news/topic.tax/"},{"tagId":"newsroom:topics/luciscall","name":"luciscall","description":"Explore more insights from Westpac\u0027s chief economist Luci Ellis at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Luci\u0027s Call","url":"/news/topic.luciscall/"},{"tagId":"newsroom:topics/goodpair","name":"goodpair","description":"Explore more Good Pair stories, showing two people making a big difference together. ","title":"Good Pair","url":"/news/topic.goodpair/"},{"tagId":"newsroom:topics/opinion","name":"opinion","description":"Expert opinions and insights. ","title":"Opinion","url":"/news/topic.opinion/"},{"tagId":"newsroom:topics/currencies","name":"currencies","description":"Stories providing currencies insights, tips and trends.","title":"Currencies","url":"/news/topic.currencies/"},{"tagId":"newsroom:topics/deals","name":"deals","description":"Explore more Deals insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Deals","url":"/news/topic.deals/"},{"tagId":"newsroom:topics/veterans","name":"veterans","description":"Explore more insights about defence force veterans at Westpac Wire.","title":"Veterans","url":"/news/topic.veterans/"},{"tagId":"newsroom:topics/analysis","name":"analysis","description":"Expert analysis on economic news and other trends.","title":"Analysis","url":"/news/topic.analysis/"},{"tagId":"newsroom:topics/IWD","name":"IWD","description":"Stories focusing on International Women\u0027s Day, on 8 March annually. ","title":"IWD ","url":"/news/topic.IWD/"},{"tagId":"newsroom:topics/rework","name":"rework","description":"Stories of businesses pivoting in the face of the COVID-19 pandemic.","title":"Rework","url":"/news/topic.rework/"},{"tagId":"newsroom:topics/10Qs","name":"10Qs","description":"\"10Qs with...\" is a series that asks leaders what makes them tick.","title":"10Qs","url":"/news/topic.10Qs/"},{"tagId":"newsroom:topics/commodities","name":"commodities","description":"Insights into commodities markets.","title":"Commodities","url":"/news/topic.commodities/"},{"tagId":"newsroom:topics/quarterlife","name":"quarterlife","description":"Explore more Quarter Life insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Quarter Life","url":"/news/topic.quarterlife/"},{"tagId":"newsroom:topics/shareholders","name":"shareholders","description":"Stories relevant to Westpac shareholders.","title":"Shareholders","url":"/news/topic.shareholders/"},{"tagId":"newsroom:topics/climate","name":"climate","description":"Explore more climate insights at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"Climate ","url":"/news/topic.climate/"},{"tagId":"newsroom:topics/esg","name":"esg","description":"Explore more insights on environmental, social and governance issues at Westpac Wire. Subscribe to the Westpac Wire newsletter to stay in the know.","title":"ESG","url":"/news/topic.esg/"},{"tagId":"newsroom:topics/boardwalk","name":"boardwalk","description":"A series of in-depth podcast interviews with board directors to find out what\u0027s on their minds. ","title":"Board Walk","url":"/news/topic.boardwalk/"}]}
