Cyber crime is a team sport with Australia’s biggest organisations on one side of the field, and cyber criminals on the other.
In a panel discussion at Grok Academy’s Cyber Live virtual event, leaders in cyber security at some of the nation’s biggest organisations discussed the analogy of cyber crime as a sport, and the need to upskill in order to match the rapidly evolving techniques of the opposition.
According to Phil Rodrigues, head of security APJ commercial at AWS, the sporting analogy is used because in cyber warfare, “…there's literally another team on the other side of the field, competing against you all the time. So as defenses are built, as cybersecurity figures are trying to protect one thing, attackers evolve and change and start to vary their techniques.”
Sandro Bucchianeri, global chief security officer at NAB described the similarities in cyber warfare to team sports, where varied skill sets are required to defeat the opposition.
“Just like soccer, where you have strikers, defenders, midfielders, goalkeepers, doctors, coaches, nutritionists and the list goes on, we are looking for new and diverse talent that will help us better defend the organisation,” he said.
In order meet and beat the cyber criminals, Bucchianeri stressed that the threat is bigger than any individual competition between the individual banks.
“What we typically do is, we would talk about indicators of compromise and share our threat intelligence so that we can better defend ourselves because something I see at NAB, Richard [Group CISO, Westpac] may not have seen at Westpac or Lynwen [CISO, ANZ] may have also seen. So we try to compare notes essentially and that helps us protect the wider Australian community as a whole.”
Keith Howard, CISO at CBA echoed this sentiment, describing how cyber security is at its strongest with collaboration across industry partners, educational institutions and governments.
“Cyber, we see it as very much a team sport and the competitors, from my perspective, it is not Sandro or Richard or Lynwen, its the attackers and we are much stronger when we work together.”
Howard highlighted the vulnerability that appeared in java-based logging tool Log4J as an example of a successful collaboration.
“There was lot of cross industry, not just the bank's, work on that one in how we responded to it, which I certainly found invaluable.”
Telco giant BT’s head of cybersecurity ANZ, Luke Barker told Digital Nation Australia that while the mindset of cybersecurity being a team sport is shared across the nation’s biggest organisations, it comes from the position of defense rather than attack.
“We've got goalkeepers, we've got backmen, we've got other things and, how do we manage our team to face the opposition? But it was a very defensive mindset. The real question is how do we in cybersecurity kick a goal? How do we score?” Barker asks.
“How do we shift that paradigm and go, ’How do we win?’”
While he noted legislation as getting in the way of proactiveness in the cybersecurity industry, he suggested that encouraging careers in cyber security from a young age is a key way to meet the expertise gap.
“At the moment, there is a big gap between what we need and what we can supply. But over time, we're hoping that it's going to close and that's some of the initiatives that we're involved in and its just going to take time, unfortunately.”