NAB Chief Security Officer Sandro Bucchianeri joined the “Big Picture” panel at Sydney's AFR Cyber Summit today, joining Deputy National Cyber Security Coordinator Tony Chapman, as well as representatives from Deloitte Australia and Wes Farmers.
The following excerpt from the discussion highlights how governments and industries respond to key cybersecurity issues, such as the interconnected nature of systems, advances in AI, and sticking to the fundamentals of cybersecurity protection.
NAB welcomes government's “safe port” regulations
“We welcome the government's attitude. If there is a safe port, [rules]then you're not punishing the victim, essentially,” Butcihenri said.
“The other part I think is that collaboration is important.
“We enjoy our relationship with ACSC [Australian Cyber Security Centre]with Abigail Bradshaw [head of ASCS] And because the team knows most of the things you know when sharing threat intelligence…but it's about helping people who can't afford to buy a threat intelligence share and what happens if they do,” he said.
“For us as a large organization, we are an obligation to help people who don't have the budget to do certain things, and that's what we're looking for, collaboration is an important part.”
I'll stick to the basics
“It's been a long time since we've heard of getting into security for about a quarter of a century, but we're still talking about the same thing: vulnerability management, remote access, and more,” Butcihenri said.
“If you look at the incidents that have happened over the last 25 years, it's the exact same attack. It's an API [Application Programming Interface] It was not configured correctly. It's an unpatched vulnerability.
“If you stick to the basics, like going to the gym, you live much longer, and you have a much longer, healthier lifestyle. The same principles apply to your security environment. If you stick to the basics, 90-95% can be better.”
AI is a double-edged sword
“AI, it's a double-edged sword,” Bucchianelli said.
“10 years ago…phishing – you can easily pick it up. You could see mistakes and everything, grammar errors. Now you couldn't tell the difference between receiving emails from me or receiving emails from scammers.
“But on the flip side, AI can help my cyber-response team,” he said.
“We can act much faster, sprint through a horde of data that we couldn't do in the past, and see that proverb needle in Haystack with this powerful electromagnet, ai.
“I think that's a huge advantage to that, but like with other technologies, it's still too early to see where it will ultimately go.”
The nature of interconnected systems is important to map interdependencies
“I think so [Prudential Standard] The CPS 230 does that exactly. You know exactly that the important flow of your organization will have a major impact on everything you do. It goes beyond critical infrastructure environments. So I think that's important [responsible for mapping where interdependencies are]Bucchianelli said.
“the [also] About the resilience you have in your process, and how you recover, and how quickly you recover. ”
Advice for small and medium-sized businesses
” [Australian Signals Directorate’s] “Essential Eight” is a great mechanism for small businesses to follow,” Bucchianeri said.
“Multifactor authentication, patch management, identity. Follow that.
For business and individual cybersecurity support, visit www.nab.com.au/security
