Commonwealth Bank’s $1.6 million plan to turn us all into hackers
IF YOU were born before 1985, you probably remember the cult film Hackers, starring a pixie-haired Angelina Jolie and her soon-to-be husband Jonny Lee Miller.
Back when the internet was an exciting new toy and computer security was a strange alchemy best performed by characters with names like Acid Burn and Crash Override, the world had no idea what was in store.
These days, hacking has come out of darkened bedrooms and become a legitimate — and vital — profession.
So much so that Australia’s largest bank is investing $1.6 million in a free online training program that aims to equip us all with the same skills used by the criminals who break into computer networks and wreak havoc.
Computer security professionals, sometimes referred to as “white hat” hackers, are paid by banks and other businesses to look for weaknesses in their online systems, called “penetration testing”.
But while a generation of self-taught operatives — real-life versions of the Hackerscharacter Dade Murphy — have grown up to take on high-level positions in banks and consultancy firms, the talent pool is drying up.
There are a million unfilled cyber security jobs around globally at present, meaning those who have the required skills can demand top dollar — including in Australia.
The explosion of our $79 billion digital economy, tipped to grow to $140 billion by 2020, means demand for security experts is far outstripping the number of graduates from the university courses that teach what is becoming an increasingly complex set of skills.
That’s why the CBA is partnering with the University of New South Wales to build a free online course for anyone and everyone who wants to learn hacking, starting in February.
The Security Engineering Partnership (or “Sec. Edu”) will help build an army of white-hat hackers to battle the rising menace of cyber intrusions, identify theft, malware attacks, trojans, bots, and other malicious pieces of software.
CBA’s chief IT security and trust officer Ben Heyes told news.com.au the bank’s decision to tip such a huge sum of money into the project went beyond its own recruitment needs. There is nothing to stop rival banks from benefiting.
“We don’t think this is something we should do just for ourselves,” Mr Heyes said.
“At a macro level, we want Australia to be a safe and secure place to do business. We see this from a national economic perspective, with the transformation that is happening as Australia is pivoting away from mining.”
He said the digital transformation needed to rev up our online economy “is only going to happen in a safe operating environment”.
UNSW Associate Professor in Computer Security and Cybercrime Richard Buckland said the course would not hold anything back.
Asked if putting hacking tools into the public domain posed a risk of falling into the wrong hands, he said: “The consensus at the moment is that the bad guys already learn the stuff themselves. At the moment, anyone can be a hacker ... We won’t be teaching anything that a bad guy doesn’t know.”
UNSW is the only university in the country to teach both attack and defence in a practical, hands-on way, an approach that has seen its students win the annual Telstra and Federal Government sponsored Cyber Challenge four years in a row.
The challenge is a non-stop 24-hour “capture the flag” contest, where students universities and TAFEs compete for points as they test the security of a fictitious company’s IT systems.
With a maximum enrolment of 300, Prof Buckland said, UNSW is unable to teach the number of students who want to sign up.
Brendan Hopper is not your usual bank manager. This is his actual LinkedIn profile pic.Source:Supplied
One of the university’s lecturers is Brendan Hopper, a self-taught hacker who, at 31, has risen to a management position at CBA.
As the bank’s Head of Business Unit Cyber Architecture and Application Assurance, Mr Hopper is responsible for a team of penetration testers.
Mr Hopper said what made the job fun was that it combined the analytical with the creative.
“It uses both sides of your brain and it’s really challenging,” he said.
“You need to be able to think like an attacker.”
This involved an incredibly in-depth breakdown of computer programs, to the point where “you get a better knowledge of the program than the person who wrote it in the first place”.
From his beginnings as a 12-year-old computer geek, Mr Hopper has seen the hacking landscape change as technology grew more sophisticated.
“In the 1980s, computer security wasn’t improving and attackers didn’t evolve,” he said.
“It’s grown dramatically, particularly in more specialised areas. When I was 15, I knew half of the people in the Western world doing that sort of thing, probably a few hundred of us.”
Today, there are too many to count — yet companies can’t snap up the good guys fast enough.
According to Australian Security Magazine, cyber crime costs Australian companies an average of $4.9 million a year, per organisation — up 13 per cent from the previous year. The average time to resolve a cyber attack is 31 days, at a cost of $419,542.
So it’s not surprising that, according to Seek, the number of cyber security roles advertised in Australia has grown by more than 60 per cent in the past twelve months.
Sec. Edu will teach the next generation of cyber warriors needed to fill this gap, with its enrolment website stating: “Everyone welcome. Just bring your wits, cunning, and passion. And keep your eyes peeled for the McGuffin.”