Qantas Enhances Cybersecurity through Organization-Wide ‘Secure-by-Design’ Initiative
We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!
Qantas Advances Cybersecurity Across the Organization with ‘Secure-by-Design’ Initiative
The realm of cybersecurity is swiftly transforming, and Qantas is rising to the occasion by launching a thorough array of cybersecurity initiatives for the fiscal year 2024-2025. The airline is integrating secure-by-design principles throughout its entire organization and enhancing critical cyber capabilities through automation, ensuring strength in an increasingly digital environment.
Quick Summary:
- Qantas is reinforcing cybersecurity protocols, incorporating secure-by-design principles throughout the enterprise.
- Automation of essential cybersecurity functions is a key objective, utilizing technologies such as generative AI.
- The airline is enhancing governance over third- and fourth-party cyber risks, with a particular emphasis on its supply chain.
- Qantas is partnering with industry associates and the Australian government to strengthen sector-wide cyber resilience.
- Recent privacy incidents related to applications have catalyzed the company to refine its technology and privacy frameworks.
- Insights gained from both domestic and global cyber breaches are being utilized to bolster their cyber defenses.
Enhancing Cybersecurity Initiatives in 2024
Qantas’ 2024 sustainability report showcases a significant growth in its cybersecurity activities relative to prior years. While earlier reports emphasized cyber safety culture, awareness, and employee training, the latest findings indicate a transition towards improvements in processes, technology, and governance. These modifications arise in response to increasing complexity in cybersecurity threats, particularly within the aviation sector.
The airline is not only running phishing simulations and providing tailored cybersecurity training to its workforce, but it is now addressing broader and more complex issues. This includes refining governance processes to handle third- and fourth-party cyber risks—an essential aspect for safeguarding the company’s supply chain. These initiatives are part of Qantas’ ongoing strategy to ensure its cybersecurity framework is sufficiently strong to mitigate risks from both direct suppliers (third parties) and their suppliers (fourth parties).
‘Secure-by-Design’ Practices in the Spotlight
Qantas is wholeheartedly adopting the “secure-by-design” methodology, which has become fundamental to cybersecurity strategies across numerous industries. Similar to the National Australia Bank (NAB), Qantas is concentrating on embedding secure-by-design practices within its operations. Secure-by-design means that security is integrated into the design and development stages of software and systems, rather than being incorporated later. This strategy minimizes vulnerabilities and enhances the overall security architecture from the outset.
In FY25, Qantas intends to continue evolving secure-by-design practices and further assimilate them throughout the organization. This proactive strategy is crucial for establishing a resilient infrastructure capable of enduring both internal and external threats.
Automation and AI: The Future of Cybersecurity
Qantas is also looking ahead by automating critical cybersecurity capabilities. Automation within cybersecurity aids in streamlining processes such as threat detection, incident response, and vulnerability management, enabling the airline to react to threats more quickly and effectively. The airline is harnessing new technologies, including generative AI, to further enhance these capabilities.
Generative AI can aid in recognizing patterns in cyber threats that traditional methods might miss. This enables quicker remediation of vulnerabilities and stronger defenses against emerging threats. By automating essential facets of its cybersecurity operations, Qantas seeks to bolster its overall resilience and stay proactive in the ever-evolving cyber threat landscape.
Partnership with Industry and Government
Cybersecurity is not solely an internal concern for Qantas; it is a collective industry challenge. To tackle this, Qantas is joining forces with other aviation sector players and the Australian federal government to enhance cyber resilience throughout the industry. This partnership is crucial, as the aviation sector is a primary target for cyberattacks due to its dependence on complex systems and sensitive customer information.
Through close collaboration with industry peers and governmental entities, Qantas aims to establish a consolidated defense against possible cyber threats, ensuring the safety and security of its operations and customer data.
Learning from Previous Challenges
Qantas has gained important insights from a recent privacy issue that arose in May 2023. Due to a technological update, the Qantas app briefly malfunctioned, showing data from other customers. The airline took immediate action, voluntarily reporting the issue to the Australian privacy regulator and informing affected clients. This incident underscored the need for more robust privacy and data security measures.
Qantas has since utilized the lessons learned from this event to enhance its technology and privacy frameworks. More broadly, the organization is also examining high-profile cyber incidents that have impacted other Australian and international firms, applying these insights to further strengthen its cybersecurity measures.
Conclusion
Qantas is making significant strides to enhance its cybersecurity framework, focusing on integrating secure-by-design practices across the organization. The airline’s broadened initiatives in automating key cybersecurity functions, improving third- and fourth-party risk management, and collaborating with industry peers and government entities reflect a proactive stance on cyber resilience. Additionally, the airline is leveraging new technologies such as generative AI to stay ahead of potential threats while learning from past incidents to uphold the highest standards of data privacy and security.
Q: What does the ‘secure-by-design’ approach entail, and why is Qantas adopting it?
A:
Secure-by-design is a cybersecurity approach in which security features are integrated during the design and development phases of software and systems. Qantas is adopting this method to ensure security is rooted in its operations, thereby reducing vulnerabilities and enhancing overall resilience to cyber threats.
Q: Why is Qantas prioritizing third- and fourth-party cyber risks?
A:
Third- and fourth-party cyber risks arise from external suppliers and their suppliers, potentially impacting Qantas’ supply chain. By strengthening governance in these areas, Qantas aims to reduce the risks of cyber incidents that could indirectly affect its operations through these supply chains.
Q: How will automation and AI enhance Qantas’ cybersecurity capabilities?
A:
Automation and AI will assist Qantas in streamlining key cybersecurity operations such as threat detection and response. By employing generative AI, Qantas can recognize patterns in cyber threats more efficiently, which facilitates quicker and more effective reactions to potential risks.
Q: What actions did Qantas take following the recent app-related privacy incident?
A:
After the privacy issue in May 2023, Qantas voluntarily reported the situation to the Australian privacy regulator and reached out to affected customers. The airline has since leveraged this experience to bolster its technology and privacy measures in order to avert future incidents.
Q: What significance does collaboration hold in Qantas’ cybersecurity strategy?
A:
Qantas is collaborating closely with aviation industry peers and the Australian government to enhance cybersecurity across the sector. Such collaboration is vital for establishing a united front against cyber threats, particularly in an industry characterized by complexity and interconnectivity.
Q: What are Qantas’ plans for enhancing its cybersecurity in the upcoming financial year?
A:
During the 2024-2025 financial year, Qantas intends to continue strengthening secure-by-design practices, augmenting internal and external security testing, and further automating key cybersecurity processes. The airline will also investigate new technologies such as generative AI to strengthen its defenses.
