NAB bolsters cybersecurity with bug bounty

NAB has announced the launch of a bug bounty program, in partnership with crowdsourced security company Bugcrowd. NAB will reward vetted security researchers who uncover previously undisclosed vulnerabilities in NAB’s environment.

Participants must have an ‘Elite Trust Score’ on the Bugcrowd platform. Nick McKenzie, NAB Executive Enterprise Security, said using controlled crowdsourcing methods would help NAB further test and strengthen its existing cybersecurity capabilities, to keep the bank and customers safe from cyber threats.

McKenzie noted that proactive cybersecurity measures are vital in today’s hyperconnected environment where new threats are constantly emerging.

“Controlled, crowdsourced cybersecurity brings together uniquely skilled testers and security researchers with fresh perspectives to uncover vulnerabilities in our defences that traditional assessment might have missed. Diversity is a critical yet often overlooked factor in security and controls strategies,” McKenzie said.

McKenzie acknowledged that moving to a ‘paid bounty’ enables NAB to attract a wider pool of ethically trained security researchers from across the globe. Ashish Gupta, CEO of Bugcrowd, expressed his excitement about partnering with NAB to assist in bolstering its security strategy.

“In addition to being one of the first in Australian banking to use the power of a crowdsourced security model, NAB has deployed an impressive layered security approach that is now complemented by Bugcrowd’s crowd of security researchers and platform which assists in finding security vulnerabilities faster and gather actionable insights to increase their resistance to cyber attacks,” Gupta said.

While researchers will work in live environments, they will not have access to any customer information, and activities will not affect NAB customers’ banking experience.

Image credit: ©stock.adobe.com/au/SasinParaksa