CBA to export cyber training to Indonesia, says CISO
- 27 September, 2017 08:53
The Commonwealth Bank of Australia (CBA) is seeking to export cyber security training to Indonesia and beyond, the bank's chief information security officer said today.
Yuval Illuz – who joined the bank in February, following the departure for health reasons of CISO Ben Heyes – said CBA had been working with the government's Ambassador for Cyber Affairs Tobias Feakin on a program to raise awareness around cyber security, targetted at Indonesian industry.
"We are working on a program to collaborate with industry there, and to see how we can increase cyber security awareness. And Indonesia is just one of many we're working with... The knowledge that we've gained in Commonwealth Bank in the last few years – can we actually export outside and position Australia as a very strong player in cyber security in the region?" Illuz told the SINET61 security conference audience in Sydney.
The government is launching its International Cyber Engagement Strategy, which will have a Indo-Pacific focus, next week.
A CBA spokesperson told CIO Australia the bank had developed a large amount of educational material on cyber security awareness for the Australian community, which would be adapted for an overseas market.
"We are translating this material so that it can also educate citizens in the region, through the websites and channels of our Indonesian subsidiaries for example. CBA supports the idea of Australian government and businesses playing a constructive role in building cyber capacity in our region, and we look forward to supporting Australia’s International Cyber Engagement Strategy,” they said.
Israeli Illuz said the bank was also looking to extend its university education effort beyond Sydney.
The bank partnered with the University of New South Wales in 2015 to establish a centre of expertise for information security, offering an undergraduate curriculum through 'massive open online courses' (MOOCs).
The $1.6 million, five-year partnership also included the establishment of a security engineering lab, and support for PhD researchers.
"We have a great use case with the University of NSW, but there is a great opportunity for us to do it as well in Melbourne and Adelaide and Perth and Canberra and many other cities. And there is no reason for us not to replicate this success," Illuz said.
A CBA spokesperson confirmed to CIO Australia that the bank had recently signed a memorandum of understanding with the University of Melbourne, "which allows us to explore collaboration including the cyber security area".
"We’re also continuing to discuss possible collaborations with other Australian universities," they added.
The bank's publically available eLearning modules had trained 50,000 CBA employees and the same number of non-employees in basic cyber hygiene.
"In the year ahead we will continue to promote and share these and other resources to further uplift capability in the economy, " the spokesperson said.
As well as the education programs for universities and industry, the bank is also targetting a younger demographic.
The bank plans to work with the Australian Computing Academy to "inject cyber security into the high school curriculum" Illuz said.
The University of Sydney led academy supports teachers to deliver lessons relating to digital technologies. It also runs challenges for year five and seven pupils which are funded by the Department of Education and Training.
A CBA spokesperson added that the bank believed solving the shortage in cyber security skills required a "whole-of-pipeline approach".
"We have recently sponsored programs such as National Computer Science School, and are now exploring further options to help integrate the teaching of cyber security skills into high school classrooms,” they said.
Not about outsourcing
The news comes after Illuz was reported in The Australian to have briefed bank cyber security staff that some of their jobs would likely be taken by overseas vendors.
CBA chief information officer David Whiteing confirmed to the AFR last week that some cyber security work was going offshore.
Yesterday the bank hit back at the reports, saying: "Reports suggesting we are stepping back from cyber security are incorrect...As part of our responsibility to our customers and communities, we keep a close eye on the services and capabilities available to us.
"This is not about outsourcing our cyber team. It is about ensuring we have access to the best possible services and skills when we need it to complement our own cyber security expertise."