AI a double-edged sword and sticking to the basics remains critical: NAB CSO joins AFR Cyber Summit

NAB Chief Security Officer Sandro Bucchianeri today joined the AFR Cyber Summit’s ‘Big Picture’ panel in Sydney, alongside the Deputy National Cybersecurity Coordinator, Tony Chapman, and representatives from Deloitte Australia and Wesfarmers.

The following excerpts from the discussion highlight how government and industry are responding to key cyber security issues including the interconnected nature of systems, advances in AI and sticking to the basics of cyber security protections.

NAB welcomes the Government’s ‘safe harbour’ provisions

“We welcome the Government’s stance. If there’s safe harbour [rules], then you’re not punishing the victim, essentially,” Mr Bucchianeri said.

“I think the other part of it is that collaboration is key.

“We’ve enjoyed our relationship with the ACSC [Australian Cyber Security Centre], with Abigail Bradshaw [head of ACSC] and the team, in sharing threat intel, because you know for the most part, I’ve got a large security budget… but it’s to help those that cannot afford threat intelligence sharing or whatever the case would be,” he said.

“We feel that it’s a duty for us as a large organisation to help those that don’t have the budget to do certain things and that’s what we’re looking for, and collaboration is the key part.”

Stick to the basics

“Being in security for about a quarter of a century sounds like a long time, but we still talk about the same stuff. We talk about vulnerability management, remote access and so on and so forth,” Mr Bucchianeri said.

“If you look at the incidents that have happened over the last 25 years, it’s exactly the same attack. It’s an API [Application Programming Interface] that wasn’t configured correctly. It’s a vulnerability that wasn’t patched.

“If you stick to the basics, like going to the gym… you’ll live much longer, you’ll have a much longer, healthier lifestyle. The same principles apply with your security environment. If you stick with the basics, you are likely 90-95% better.”

AI is a double-edged sword

“AI, it’s a double-edged sword,” Mr Bucchianeri said.

“If you think 10 years ago… phishing – you could easily pick it up. You could see the misspellings and all those things, the grammar errors. Now you couldn’t tell the difference between getting an email from me or you’re getting an email from a scammer.

“However, on the flip side, AI can help my cyber response team,” he said.

“We act much, much faster and trove through hordes of data they wouldn’t have been able to do in the past so they can look at that proverbial needle in haystack with this powerful electromagnet, which is AI.

“I think that’s the great benefit of it, but like with any other technology, it’s still too early in the process to see where we ultimately are going to go.”

Interconnected nature of systems means mapping interdependencies is critical

“I think the [Prudential Standard] CPS 230… is doing exactly that – you’re understanding exactly what the critical flows in your organisation are that have a massive impact on everything that you do. That then goes across the critical infrastructure environment. So, I think that’s the key thing [responsible for mapping where interdependencies are],” Mr Bucchianeri said.

“It’s [also] about the resilience that you have in your processes and how you recover and how quickly you recover.”

Advice to small to medium businesses

“The [Australian Signals Directorate’s] ‘essential eight’ is a great mechanism for small to medium businesses to follow,” Mr Bucchianeri said.

“Multifactor authentication, patch management, identity. Follow that and I think you’ll be better for it.”

For business and individual cyber security support, go to www.nab.com.au/security 

Media Enquiries

For all media enquiries, please contact the NAB Media Line on 03 7035 5015
