Prioritise cyber risk management: ANZ

Photo: National Airports Corporation PNG/Facebook

A cybersecurity expert with the ANZ bank says many organisations fail to keep their systems up to date, and as a result, they expose themselves and their customers to cyberattacks.

Eli Hirschauge, ANZ’s Head of Information Security, said: “Patching is increasingly what regulators around the region are asking organisations to provide evidence of.”

“We automatically update our systems everyday,” said Hirschauge, during a visit to Suva. “We have our security operations centre in Melbourne, [Australia] with a large team of people that continuously monitor what is happening in the market.”

He continued: “Security is part and parcel of what we [ANZ] do as a bank. It is innate to everything that banks do. Everybody in the bank is responsible, one way or another, for the security of our customers and the money.”

Hirschauge said the ANZ repels about 10 million attacks a month through their network.

“We get millions of alerts every day. And we have the tools and techniques to identify those things,” he said.

Through their network, ANZ has “identified emerging threats, sometimes in Europe, sometimes in South Asia, and that helps us to be aware of that, and adjust our positions to respond to things,” he said.

“I’ve seen a few things in Australia where there is some malicious software installed on mobile phones to detect certain things and certain behaviours in banking apps. But I don’t believe we’ve seen that in the region just yet,” he added.

As the world becomes more digitally focused, Hirschauge warned that while the use of Artificial Intelligence (AI) “reduces the cost of doing business”, threat actors are also leveraging the technology “to improve their business models”.

“We used to think about cyberattacks as people in the garage working in their parents’ flat or something like that. This is a big business. Organised crime is very organised. They work in office buildings, they take annual leave, they get paid. It is not hobbyist, that’s what makes it so prevalent. They will use whatever technology, whatever trends are available in technology to improve their business model,” he said.

He noted the use of WormGPT, a generative-AI software tool that allows threat actors to generate malicious attacks.

“One of the simple use cases [of WormGPT] is they can create phishing emails a lot more efficiently, a lot more effectively than they could before because they use these models to generate phishing emails that look a lot closer to what we would engage with,” he said.

Testing Pacific standards

ANZ Fiji Country Head, Rabih Yazbek, says the bank has been working in collaboration with the Reserve Bank of Fiji on uplifting its cybersecurity standards, with new rules kicking in next month.

“The new regulations from the central bank will dictate how we have to set up our own cybersecurity protocols,” said Yazbek.

“We’ve been the test case that the Reserve Bank of Fiji has done a week-long on-site audit. Also joining us are the Reserve Bank of Samoa and Reserve Bank of Papua New Guinea to try and learn under the guidance of the International Monetary Fund on how to set up the right protocols for cybersecurity,” he said.

Yazbek said the ANZ Bank has also started running workshops on these issues for its customers.

“We see that as an important pillar in our role in the community to help with everyone’s awareness and their preparedness for these types of attacks,” he said.

“We’ll do sessions in person. We’re going to be running online training for our clients. We’re going to be preparing material for them to be able to read and share with their colleagues. So it’s going to be a big piece of work for ANZ over the next couple of years.”