NAB crowdsources cyber security with bug bounty program

By

Partners with Bugcrowd.

The National Australia Bank on Friday launched a bug bounty program in partnership with crowdsourced cyber security platform Bugcrowd to strengthen its cyber posture.

NAB crowdsources cyber security with bug bounty program

Vetted security researchers with an ‘Elite Trust Score’ on Bugcrowd will be able to work in live environments to help test the bank’s security.

NAB is the first of the ‘Big Four’ banks to include a bug bounty program in its security strategy as part of a proactive response to an era of ‘hyperconnectivity’ where new threats are constantly emerging, NAB executive enterprise security Nick Mckenzie said.

He said the controlled crowdsourcing methods would bring new perspectives to the bank’s cyber practice and rewards security researchers who uncover previously undisclosed vulnerabilities at the bank.

“Controlled, crowdsourced cyber security brings together uniquely skilled testers and security researchers with fresh perspectives to uncover vulnerabilities in our defences that traditional assessment might have missed,” McKenzie said in a statement.

“Diversity is a critical yet often overlooked factor in security and controls strategies.

“Moving to a ‘paid bounty’ gives us the ability to attract a wider pool of ethically-trained security researchers from across the globe,” he said.

Bugcrowd CEO Ashish Gupta said the partnership with NAB would help improve on its existing security strategy.

“In addition to being one of the first in Australian banking to use the power of a crowdsourced security model, NAB has deployed an impressive layered security approach that is now complemented by Bugcrowd’s crowd of security researchers and platform which assists in finding security vulnerabilities faster and gather actionable insights to increase their resistance to cyber attacks,” Gupta said.

Researchers working in NAB’s live environments won’t have access to any customer data, the bank said, and activities will not impact customers’ banking experience.

Other financial institutions to run bug bounty programs with Bugcrowd include Mastercard and Jack Dorsey’s payments processing provider Square.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
bug bountybugcrowdcrowdsourcecybercyber securityfinanceitfinancial servicesnabsecuritystrategy

Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond

Events

Most Read Articles

ANZ's group executive of technology Gerard Florian to retire

ANZ's group executive of technology Gerard Florian to retire
How NAB unwound Teradata's 'tentacles' to decommission it

How NAB unwound Teradata's 'tentacles' to decommission it
NAB approved to use serverless in data environment

NAB approved to use serverless in data environment
NAB brings Pete Steel into new digital, data and AI exec role

NAB brings Pete Steel into new digital, data and AI exec role
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?