The National Australia Bank (NAB) has called for the federal government to fund the buy-back of dangerous and hacker-friendly legacy hardware still in the hands of consumers who are loathe to upgrade.
The so far un-costed regime, which would be part of a national cybersecurity hardening effort, has been floated in documents lodged with the Department of Home Affairs consultation into cyber laws.
If adopted it would pay domestic laggards to upgrade and harden their systems, neutralising a key weak spot in Australia’s cyber defences.
And while there’s no interest like self-interest (especially when it comes to Australia’s banks) the document is an illuminating window into the pressures NAB is feeling on the digital front.
Upgrade resistance
The paper lays bare concerns that despite the stereotype of consumers outpacing banks in terms of user experience, many consumers simply refuse to budge from older operating systems.
Put simply, the threat landscape evolves, but some consumers don't, which clearly has NAB worried.
Specifically, NAB recommends that the government partners “with industry and Internet Service Providers to set mandatory minimum requirements for hardware, operating systems, auto-patching, the installation of anti-virus, malware, and ransomware tools, as well as assist public compliance through subsidies and hardware buy-back programs.”
Which, in practical terms, could be be a difficult ask for senior box huggers who find the relentless cycle of upgrades more challenging and irritating than most of us. But it’s still nice to know what NAB really thinks – which is the government should pay for such forays.
The suggestion that by a retail bank that the government shell out for buy-backs is not entirely surprising given the size of penalties now being imposed on banks.
The Commonwealth Bank has shelled out more than $700 million in penalties for financial law breaches, with Westpac close on its heels following the ritual sacrifice of CEO Brian Hartzer on Tuesday.
NAB is widely expected to be next on the compliance fail front. Bomb-data grade analysis by Banking Day suggests it will be next for the regulatory sword, depite already removing its CEO and Chairman.
Incoming NAB CEO Ross McKewan will be just stoked.
Looking beyond immediate executive survival odds, banks do have an issue with vulnerable old junk and IT systems security.
NAB’s submission calls for “consideration of a public rating framework for global and local businesses, based on compliance with minimum standards”.
