People may think of ANZ as a retail bank, but we are the largest wholesale bank in the Asia Pacific region and are responsible for around 60-70% of all payments in Australia, New Zealand and the Asia Pacific region combined.
“Cybersecurity is no longer just about protecting money and data, it is also about protecting our way of life.
And yet, there is something that matters to us more than money. Without it, none of our successes in retail, commercial or institutional banking would be possible: it is trust.
Trust is the cornerstone of everything we do at ANZ. Customers trust us to protect their money. From keeping their money safe to protecting it from cyber threats.
Customers also entrust ANZ with sensitive personal and financial information. They rely on us to maintain the confidentiality and integrity of their data, ensuring it is not misused or disclosed without their consent.
It’s the foundation of our relationship with our customers. And in 2024, that relationship has never been more fragile. Over the last two years, Australia has seen exponential growth in digital technologies.
These developments have transformed the way we live, work, and communicate. Along with these advances, the threat landscape has also become more sophisticated and exponentially more harmful.
Cybersecurity is no longer just about protecting money and data: it’s about preserving our way of life.
Wake up call
Recent attacks on many businesses, particularly in Australia, have us questioning the security of our financial data. Credit card numbers, passport information, driver’s licenses, email addresses, phone numbers, and even loan histories and medical records have been compromised.
These attacks illustrate how cyberattacks have radically transformed our online lives and I think it has been a wake-up call for many of us about what data we share on the internet and how best to protect it.
We are also seeing examples of sensitive and personal information exposed during these major events being exploited by scammers. This can help craft more convincing phishing attempts or shed light on the approach of sophisticated identity theft scams.
This convergence between cyber events and scams not only amplifies the effectiveness of these crimes, as malicious actors adapt their tactics based on data, but also reinforces the importance of cybersecurity.
Although no major bank has yet been breached, it is worth considering the consequences of such a breach if it were to occur.
It’s not just about the devastating impact this could have on our daily lives, such as paying our bills, transferring money or being able to withdraw money from an ATM. It’s also about the devastating impact this could have on the stock market, our international payment systems and our economy.
But again, and more importantly, what effect would this have on citizens’ trust in our banking system? What would happen if people no longer trusted us to hold and move their money? What would the consequences be for the structure of our society? That’s what’s at stake for us in 2024.
I believe we are at a turning point in cybersecurity and its role in preserving that trust. Because the threats are not only advanced, they are transformative and that requires us to constantly adapt.
Cybersecurity is entering a new era of complexity and sophistication. Major global data breaches have exposed clear gaps in cyber resilience, with large enterprises struggling to recover data and restore processes in a timely manner.
Global geopolitical events have also intensified the cyber threat landscape, with nation states increasingly engaging in cyber warfare and espionage activities against Australian targets. These events have complex and sensitive diplomatic implications.
Supply chain disruptions and the security implications of widespread AI adoption add to the threat landscape, with cybercriminals leveraging advanced techniques, weaponizing artificial intelligence and machine learning to launch more persistent attacks that present more challenges for our teams.
New opportunities
The global talent shortage also complicates the challenge. This volatility requires us to adapt our approach to ensure not only resilience and trust, but also business value through new technologies.
For the record, using AI to improve cybersecurity is not new. AI has been used for many years to help interpret and process input data. Generative AI, on the other hand, brings new opportunities.
It is powerful, scalable and flexible and opens up endless possibilities for industries, including ours, that depend on innovation and improving the customer experience.
However, the dizzying speed at which generative AI is being integrated into our lives means it has the potential to radically reshape our digital landscape.
Given the pace of experimentation that organizations are conducting, the question is, “How do we maximize value and minimize risk?” We focus on how to do this to ensure safer and more widespread adoption of AI.
This includes ensuring our security teams are proactively adopting AI, while helping to identify how we can support our business units to integrate cyber measures into their AI models to ensure we are developing a reliable, robust and resilient system design.
While I believe we have some of the best cybersecurity teams, with some of the best technology to detect and respond to malicious activity, I want to emphasize that technology alone cannot do the heavy lifting.
In fact, I believe our best line of defense is our people. Cybersecurity requires a security-first culture, both within our organization and with our customers if we are to help shape a world where people and communities thrive.
The threats we face are constantly evolving, so education and awareness are paramount. It is no longer just the responsibility of cybersecurity departments or even technicians to carry out this task.
We need every individual to play a role in strengthening ANZ’s resilience to ensure our systems and data are secure and help maintain the trust of our customers and the wider community. As we navigate an ever-changing cybersecurity landscape, collaboration, innovation and vigilance will be our greatest assets.
Maria Milosavljevic is Director of Information Security at ANZ.
