In a year which included a Royal Commission and the beginning of Open Banking, the biggest disruptive threat to Australia’s banks remained cybercrime, according to Monica Hovsepian, global industry strategist, financial services at OpenText, an enterprise information management software company.
“Cybercrime is currently rife in the industry,” Hovsepian told Which-50, “So it’s imperative financial service organisations prioritise cybersecurity and implement detection and response solutions that provide deep network visibility to secure and investigate potential risks.”
Some of Australia’s biggest banks have been pinged by regulators for serious data breaches this year, including NAB exposing the data of 13,000 customers and CBA entering an enforceable undertaking to upgrade its posture following two major incidents.
Reported data breaches have risen steadily since Australia’s privacy regulator introduced a mandatory reporting scheme in 2018. Finance, along with healthcare, are routinely the worst offending industries for data breaches. Last quarter alone there were 42 data breaches reported in the Australian finance sector.
Hovsepian, whose company OpenText offers enterprise security solutions, and counts Westpac and NIB as local customers, says the rise in breaches suggest cybercriminals may be getting the upper hand on the local finance sector.
“Up until now, cybercriminals have been winning the battle, with their attacks accounting for an $18.28 million annual deficit on the industry,” Hovsepian said in reference to Accenture research which found banks, capital market firms and insurers spend on average 40 per cent more than other industries to combat cybercrime.
Hovsepian says Australian banks face massive technology and regulatory challenges but must remain proactive on cyber and breaches, particularly as customer information is opened up to more third parties through initiatives like Australia’s Consumer Data Right.
“It’s critical that FS organisations are proactive and efficient in identifying and resolving breaches; it is no longer acceptable for customers to hear from third parties, like bloggers or the media, about breaches that have occurred. Doing so would not only hurt their reputation but could also affect organisations they engage with.”
AI is no cyber silver bullet
While emerging technologies hold promise for cybersecurity defences, it is important to remember that attackers will have access to the new tools too.
“Many view modern technologies, such as AI, as a key component for getting on top of cyberattacks. While true, it’s important to recognise that cybercriminals also use these technologies to deceive individuals and breach systems,” Hovsepian said.
The constant and increasingly sophisticated threat means cybersecurity strategies must continually be reviewed and updated, according to Hovsepian.