Australian Retirement Trust CISO Jason Anderson shares insights on protecting Australian retirement funds from information security threats
Jason Anderson has been involved in information security for more than 20 years. He’s currently the CISO of Australian Retirement Trust, one of Australia’s largest superannuation funds with more than $200 billion in funds under management and over two million members.
Ahead of his appearance at CISO Brisbane 2022, we asked Anderson to share some of his biggest challenges, the cybersecurity uncertainties he often comes across in his sector, and how he’s supporting his teams and peers in strengthening resilience and advancing their practices.
Anderson originally became involved in the infosec space while serving in the defence force, where he was responsible for looking after secure communications networks.
“Once leaving the defence force I continued to learn and increase my knowledge of security and have been involved in security roles ever since. My security career has spanned a multitude of different industries in both Australia and the UK,” he says.
Addressing the Talent Gap
Anderson thinks the biggest challenge facing CISOs today is addressing the resource gap. He finds it is becoming increasingly difficult to find and retain great staff because of the industry-wide demand for skilled cybersecurity professionals.
“We are looking to stand up an internship program within our team to try and provide opportunities for people who are re-skilling and trying to get experience in cyber,” he says.
“I feel there are many other professions where the skillset required translates well to cyber. To give some of these people who are passionate about our industry an opportunity to learn from experienced security practitioners could go a long way to addressing the skills gap.”
Rebuilding Digital Trust for an Evolving Landscape
With Australian citizens taking more control of their retirement plans and moving all their super into one account, the superannuation sector is seeing a significant increase in fund mergers. While that makes it easier for people to manage their funds and save on fees, it also increases the risk of cyber threats to the industry.
“I think with the ongoing consolidation occurring within the superannuation industry, we are seeing a rise in the threats targeting our industry,” Anderson says.
“Ongoing consolidation will see the emergence of several mega funds with significant membership and an increasingly large quantity of funds under management. This will continue to increase cyber-related threats to the industry and make superannuation an attractive target for cybercriminals.”
Anderson is a firm believer in developing an organisation-wide security culture, and believes the only real way to do this is to work closely with business stakeholders and demonstrate the benefits security can bring to their business processes.
“Building relationships with the C-suite and the board is essential to driving a top-down approach to embedding a security culture,” he says.
“I have found that having the heads of each business function involved in the governance of information security is essential to ensure they have buy-in and accountability for security within their business function.”
We asked Anderson to share some advice for other information security leaders on staying relevant in a rapidly changing and developing environment.
“I think for me the key is to continue to network with peers around the challenges faced by Information Security in various industries,” he says.
“Having a cross-industry understanding of the latest threats and challenges enables you to understand likely impacts to your business and what is needed to mitigate potential risks.”