When a business configures its security protocols, it’s difficult to understand how effective they are, until they are tested.
One way to test your cybersecurity protocols, is to hire 3rd party security firms (like KnowBe4) to perform penetration testing, using common hacker methods. Another option is to open the challenge to the world and offer white hat hackers a reward for responsibly disclosing any vulnerabilities discovered.
NAB has today announced the launch of a bug bounty program, the first of its kind in Australian banking, in partnership with crowdsourced security company Bugcrowd.
NAB will reward vetted security researchers who uncover previously undisclosed vulnerabilities in NAB’s environment. Participants must have an ‘Elite Trust Score’ on the Bugcrowd platform.
Bugcrowd is a platform used by some of the world’s largest company’s including Atlassian, HP, Twilio
NAB Executive Enterprise Security, Nick McKenzie said using controlled crowdsourcing methods would assist NAB to further test and strengthen its existing cybersecurity capabilities, helping to keep the bank and customers safe from cyber threats.
“Controlled, crowdsourced cybersecurity brings together uniquely skilled testers and security researchers with fresh perspectives to uncover vulnerabilities in our defences that traditional assessment might have missed.
Proactive cybersecurity measures are vital in today’s hyperconnected environment where new threats are constantly emerging.
Diversity is a critical yet often overlooked factor in security and controls strategies. Moving to a ‘paid bounty’ gives us the ability to attract a wider pool of ethically-trained security researchers from across the globe,”NAB Executive Enterprise Security, Nick McKenzie
“We are excited to partner with NAB to assist in bolstering their innovative security strategy.
In addition to being one of the first in Australian banking to use the power of a crowdsourced security model, NAB has deployed an impressive layered security approach that is now complemented by Bugcrowd’s crowd of security researchers and platform which assists in finding security vulnerabilities faster and gather actionable insights to increase their resistance to cyber-attacks,” Mr Gupta said.Ashish Gupta, CEO, Bugcrowd
While researchers will work in live environments, they will not have access to any customer information, and activities will not affect NAB customers’ banking experience.
For more information, please visit: www.nab.com.au/about-us/security