iTnews

CommBank urges Govt to update cyber security strategy

By Allie Coyne on Apr 1, 2014 2:54PM

Customers need banking confidence during Snowden era.

The Commonwealth Bank has called on the Federal Government to review its ageing cyber security strategy in order to protect customer information in the financial sector and ensure the local digital economy doesn’t lag behind global counterparts.

As part of several recommendations made in its submission to the federal inquiry investigating reform in the banking sector, CommBank said a review of the federal cyber security framework - last revised in 2009 - would help keep Australia up to date with not only evolving technological threats but also the pace of international peers.

“Whilst the financial system is reasonably secure, the broader and longer term view of the cyber environment is negative,” it said in the submission.

“The capability of those posing cyber threats...continues to evolve, while recent US government surveillance revelations have adversely impacted online trust. These factors could undermine development of the digital economy.

“In the meantime, the threat to Australians online has increased and Australians have become even more reliant on the internet as part of their daily lives. A re-evaluation of Australia’s cyber security strategy and program of investment would be timely.”

The then-Labor Government released its first national cyber security strategy in 2009. It commissioned a follow-up cyber security white paper in mid-2011, which was abandoned a year and a half later in favour of a "broader" discussion around the digital economy.

The 2009 strategy's objectives were to increase the nation's awareness of and reaction to cyber crime incidents, and to ensure government and local businesses operate secure and resilient IT infrastructure. It also promised ongoing reviews of Australia’s cyber security policies, programs and capabilities.

CommBank recommended the Government ensure national cyber security resilience in the banking sector by reviewing the scope, breadth and distribution of its investment in cyber security, keeping in mind the “critical role” it plays in the local digital economy; and formalise what is expected of both private sector operators and Government in the event of a cyber crisis.

“Private sector owners of critical infrastructure will be responsible for defending their own systems in the first instance, until an attack exceeds the pre-defined levels or norms,” it said.

The bank also called on the Government to promote greater public-private co-operation on cyber security, including real-time sharing of information and intelligence, and to study government incentives for the private sector to invest in cyber security, which it said would “drive a widespread lift in security standards and practices across entire industries and critical infrastructure sectors”.

More regulation for non-banks

Customer confidence in the security of the financial system would also be improved by addressing an uneven playing field with regards to the regulation of financial institutions, CommBank said.

It expressed concern over what it saw as a lack of consistent regulation for all financial system participants, specifically non-bank entities compared to authorised deposit-taking institutions (ADIs).

It said advances in technology had enabled non-bank entities to provide similar services to banks but without the same level of regulation governing customer privacy and security.

“This uneven playing field poses a risk to customers’ finances and personal information, as well as to the stability and reputation of the system. This in turn may increase costs for ADIs and customers,” CommBank said.

“Australian customers must be offered the same protection and security by new players that they receive from traditional banks. This is especially critical as many businesses increasingly use advanced data analytics on large data sets to deliver more tailored services and products. 

“The use of big data to provide insight into a customer’s preferences must be carefully balanced with a customer’s right to privacy and existing obligations businesses face in the handling and treatment of such data.”

It wants the same privacy and security regulations - including supervision and monitoring - applied to all industry participants. 

Information exchange needs to be modernised

Regulations need to be updated to allow financial institutions to make relevant information disclosures to customers in a variety of technological methods, CommBank said.

Financial institutions are currently required to physically or electronically mail relevant information disclosures to customers. 

“The current regulatory framework results in document-centric requirements, with allowance (more recently) for electronic disclosure. The regulations and industry codes do not accommodate the variety of methods by which customers engage with financial services providers,” the bank said in its submission.

“Such a framework does not recognise the manner in which technology can better enable customers to access required information.”

It suggested reviewing legislation to deliver a “technology-neutral” approach to disclosures, which would preserve the “sent” and “delivered” concepts but allow consumers to access and retrieve relevant information via more appropriate methods.

“Technology would allow the applicable disclosure requirements to be satisfied in non-documentary forms and in ways which will assist in improving customer engagement and understanding,” it said.

“For example, smart phone users can receive videos and voice memos and, once stored or hosted, can be accessed at any time in the future. It is also possible to provide consumers with links to content on social media platforms, with required information to consumers which can be viewed from any device.”

For disclosures such as changes to terms and conditions or product features, financial institutions could use RSS feeds, email, and system notifications to communicate the content, the bank suggested.
