ANZ Bank CISO Lynwen Connick has reiterated calls for a greater level of collaboration between government and all levels of the private sector to bolster Australia’s ability to defend against cybersecurity threats.
Speaking at the AISA national conference in Sydney, Connick - who played a key role in the development of Australia’s cyber security strategy - said there was strong need for real-time collaboration to minimise the impact of threats.
“It used to take two to four weeks for a vulnerability to be exploited. Now it is often only minutes before an attack takes place so we really have to change the way be think about responding,” she said.
“Collaboration and sharing - even real-time sharing - are really important. We need to make sure that everyone is able to respond and that we can stop significant outbreaks before they go viral. It is something we all need to be part of.”
One of the core recommendations of the cyber security strategy that Connick helped develop was that a national cyber security partnership be established.
“The private sector owns most of the critical infrastructure and if ever there was a major incident, the private sector would have to be involved [in remediation]," Connick said.
"It is really important that we are all working together to implement the important initiatives in the strategy."
She added: “We are only as secure as the rest of the community. If one significant organisation goes down it will affect all of us [and] our economic prosperity.”
Connick said ANZ had undertaken a series of cybersecurity initiatives that she was keen to share with the wider community.
They included the use of analytics to detect anomalies and potential threats.
“We have been partnering with scientists at the Los Alamos National Laboratory in the US to help commercialise this capability," she said.
"We are keen to share with others what we are seeing. It is not a commercial issue for us.”
Connick said the bank was also working with CSIRO’s Data 61 arm “to research what makes people vulnerable to social engineering and what sorts of education works, particularly for senior [executives]".
Connick's speech coincided with the opening of a second joint cyber security centre by the federal government in Melbourne, after the opening of a similar facility in Brisbane back in February. Further such centres are planned for Sydney and Perth.
The Melbourne centre is led by CERT Australia and includes representatives from the Australian and Victorian governments, law enforcement agencies and businesses responsible for critical infrastructure and systems of national interest.
The government said in a statement that the centres would provide a trusted environment for collaboration and information sharing on cyber security and “deliver a broad range of activities, from workshops on specific cyber threats, to developing solutions to cyber security risks.”