ANZ’s chief security officer has backed the Albanese government’s plan to roll out a national identity system, arguing the amount of personal data large companies are required to collect poses serious dangers to Australia’s overall cybersecurity.
“There are huge vulnerabilities in our national identity capability,” said Lynwen Connick, the chief information security officer at ANZ.
“Government needs to play a leadership role, whether that’s in a centralised identity plan or a centralised way of checking whether third parties are secure.”
Lynwen Connick, ANZ Group’s chief information security officer, says banks are facing an increased volume of attempted cyberattacks.
Finance Minister Katy Gallagher has flagged the development of a national digital identity system that would make it easier for businesses to verify a person’s identity and eliminate the need for companies to collect licence and passport numbers.
As it stands, banks and telcos must collect and verify the personal data of thousands of customers to comply with existing legislation.
Banks need to hold personal data to comply with “know your customer” requirements, and telcos are required to collect personal information to adhere to anti-terrorism and money laundering rules.
After the Optus hack in September, the government accused businesses of hoarding personal information for commercial gain.
A national identity scheme would mean that once a person’s identity had been verified by a trusted provider, they would be able to link it across a range of services and products.
“People have been arguing about [national digital identity] for a long time, and some people would liken it to vaccinations versus non-vaccinations, because it does introduce controversial privacy issues,” Ms Connick told an Australian Securities and Investments Commission forum on Friday.
“But the government needs to play a leadership role – maybe it’s an opt-in service or something like that.”
Ms Connick added the overlapping responsibilities of government departments and the difficulty the private sector has working with government were also a roadblock to effective cybersecurity management.
“I don’t think we’ve ever worked out how to work well together, and practising how we share information when an incident occurs is critical,” she said.
Attorney-General Mark Dreyfus has announced harsher penalties for companies that hoard unnecessary private data and fail to protect it.
Cameron Whittfield, a partner at Herbert Smith Freehills, said he hoped the government would ensure its own departments and agencies are secure.
“I’m hoping to see some collective uplift,” he said. “The government needs to uplift just as much as anyone else.”
The panel also discussed the rapid rise in smash-and-grab data theft combined with ransomware demands.
Russia’s invasion of Ukraine has prompted a wave of smaller, fringe groups offering cyber hacking services for hire, with politically motivated hackers eager to target companies that openly support one country or another.
This cheaper “affiliate model” has affected a range of Australian businesses, with Derek Bopping, first assistant director general, cyber engagement and strategy at the Australian Cyber Security Centre, arguing it has escalated cyber threats several times over.
“The development of this model has changed everything,” Dr Bopping said.
“Sometimes we don’t know if they’re state or non-state. We need to stitch together the private sector, civil society, and both state and federal governments in a way that allows us to actually understand the threats better.”