Australia could become Asian cybersecurity base, says CBA’s security chief
Australia could become a beachhead of cybersecurity capabilities into Asia due to our stable ICT and economic environment and comparatively high level of trust compared to our neighbours in the region.
This is the view of Commonwealth Bank’s chief information security and trust officer, Ben Heyes, who was speaking at an event on Tuesday hosted by the Committee for Economic Development of Australia and PwC.
“We [CBA], think there’s an opportunity for Australia to reposition its economy to leverage cybersecurity as a capability into Asia,” he told attendees.
Heyes said our immediate neighbours are operating in a different environment with China often constrained by accusations that its military is directly involved in its ICT and security industry.
He said China, Indonesia and Thailand are the three most likely places where individuals and businesses would suffer a cyberattack, Vietnam is one of the top three sources of malware distribution, and India is a main source of ransomware.
“The ICT environment across Asia-Pacific entities and their countries has a quite a significant threat context associated with it when contrasted with Australia,” he said.
Heyes said the UK is establishing a £6 billion export industry around cybersecurity, positioning itself as a capable nation able to defend itself, as well as a contributor of cybersecurity skills into the European market.
He believes Australia has the right ingredients — a regulated environment, healthy economy, culture of innovation, early adoption of technology, and political stability — to do the same.
But we need to get our “home front” sorted first and make Australia a hard target for cybercriminals, he said.
“We also, and I think about this in economic terms, have the opportunity to lift the maturity of some of the discussions as we think about some of the threats. We have been naturally rebalancing some of our investments from just preventative technologies into detective, responsive and predictive, or intelligence-based technologies and controls,” he said.
CBA itself directly sees the need to link cyberliteracy with financial literacy and are preparing to exactly that, he said.
An example of this is CBA’s recent agreement with the Australian Federal Police to step up the fight against online bullying and child exploitation on the Internet.. Volunteers are working with the AFP to educate parents and students about cybersecurity online.
“Sixty-three per cent of attacks within Australia are directly related to those issues of social engineering,” said Heyes. “Not only is this potentially sowing some seeds for excitement and interest in an ICT career, it’s also a direct response that we need to think about.”
Heyes said a focus on ICT education and working with universities on an appropriate curriculum will be critical to provide a workforce with the right skills to exploit the opportunity for Australia to become a regional hub for cybersecurity.
Meanwhile, CBA is seeing a fast take up of innovations such as contactless transactions, cardless ATMs, and real-time banking.
“If we look at our credit card transactions, one quarter of them are using contactless technology. So we have a strong appetite within Australia for innovation and the adoption of digital services,” he said.
The bank is also looking at using biometrics and cryptocurrency technologies. It recently invested $5 million with the University of New South Wales to research quantum cryptography.
“Quantum mechanics and quantum cryptography potentially has a whole range of applications, some of those being in the financial services sector — but all of this allows us to harness greater computational power and execute faster encryption and decryption of private messages and help us secure transactions and interactions with our customers,” he said.
Follow Byron Connolly on Twitter:@ByronConnolly