National Australia Bank (NAB) has announced the launch of a bug bounty program through its partnership with Bugcrowd, a crowdsourced security company.
Said to be the first program of its kind in Australian banking, NAB will reward vetted security researchers who uncover previously undisclosed vulnerabilities in NAB’s cyber environment.
According to NAB executive enterprise security, Nick McKenzie, using controlled crowdsourcing methods would assist NAB to further test its existing cyber security capabilities.
“Controlled, crowdsourced cyber security brings together uniquely skilled testers and security researchers with fresh perspective to uncover vulnerabilities in our defences that traditional assessment might have missed,” Mr McKenzie said.
“Diversity is a critical yet often overlooked factor in security and controls strategies. Moving to a ‘paid bounty’ gives us the ability to attract a wider pool of ethically trained security researchers from across the globe.
“Proactive cyber security measures are vital in today’s hyperconnected environment where new threats are constantly emerging.”
Under the program, the security researchers must have an “elite trust score” on the Bugcrowd platform to qualify.
The bank emphasised that while researchers will work in live environments, they will not have access to any customer information, and activities will not disrupt customers’ interactions with the bank.
Commenting on the partnership, Bugcrowd CEO Ashish Gupta said the company’s group of security researchers and platform will assist NAB with finding security vulnerabilities and gathering “actionable insights” to increase its resistance to cyber attacks.
“We are excited to partner with NAB to assist in bolstering their innovative security strategy,” Mr Gupta said.
The major bank recently highlighted the growing issue of cyber threats when it appeared before the House of Representatives standing committee on economics during its review of Australia’s four major banks and other financial institutions.
Group chief risk officer Shaun Dooley revealed that NAB had been fighting millions of “ferocious” cyber threats and seen a 78 per cent increase in fraud attempts over recent months.
It had also seen a 33 per cent increase in estimated loss from May to June, Mr Dooley added.
NAB migrated its online business banking tool, NAB Connect, to the cloud earlier this month, with the platform to be monitored for fraud detection by threat detection service Amazon GuardDuty.
The news of the new bug bounty came on the same day as the federal government launched an $800 million digital business plan.
The package is aimed at helping businesses digitise, including developing a new digital identity system, and more money for lenders implementing the Consumer Data Right for the open banking regime.
Moody’s Investors Service recently reported that the “large-scale shift” to digital banking and remote work amid the COVID-19 crisis has increased the banking sector’s exposure to cyber attack.
“Banks have quickly responded to these challenges but, in pursuing an accelerated technology development cycle, have also increased their potential vulnerabilities to cyber attack.”
Malavika Santhebennur is the features editor on the mortgages titles at Momentum Media.
Before joining the team in 2019, Malavika held roles with Money Management and Benchmark Media. She has been writing about financial services for the past six years.