Third-party organisations could pose security challenge: NAB

Relying on third parties for services means the supply chain is a “real threat”, says the bank's head of IT security

National Australia Bank’s (NAB) technology transformation is causing an extra security challenge because of the reliance on third-party suppliers, according to the bank’s head of IT security services operations, Andrew Dell.

Speaking at Trend Micro’s Evolve 2013 conference in Sydney, Dell told delegates that the supply chain is a real threat because of interconnected systems.

“As we work through this [IT] transformation, we have a good handle on our immediate third-party suppliers,” he said.

“The challenge is around our providers’ providers so we need to have a more mature third-party security assessment methodology.”

According to Dell, supply chain security means it needs to find the balance between governance and ensuring itself of the threat posed by connected networks.

CeBIT 2012: NAB calls for mobile app security overhaul

NAB testing cloud security provider standards

IT transformation challenges still ahead for NAB

He added that banks are investing in security system transformations to stay relevant.

“Historically, we have had the function to play a steady cat and mouse game with cyber criminals and been able to deploy counter measures to manage our online fraud,” he said.

However, the rapidly evolving threat landscape means the bank needs to change its security posture.

“Our security strategy must evolve away from observe and response to a dynamic capability that automatically identify malicious activity and takes action in near real time,” Dell said.

“It needs to be a flexible platform that allows our cyber crime team to respond to emerging threats.”

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia