Wesfarmers is to establish offensive cyber security capabilities through a new “Cyber Fusion Centre” that will serve the conglomerate’s retail and industrial businesses.
The company, which owns brands like Bunnings, Kmart, Officeworks and Catch, is in the process of standing up the centre within the group's cyber security team.
The “proactive” and “intelligence-driven” centre is intended to help protect the group’s “businesses, customers and stakeholders from ever-evolving and sophisticated global cyber security threats”.
A cyber offensive lead is being recruited, reporting to group chief information security officer Daniella Traino.
The lead will work to improve Wesfarmers’ “cyber security posture... by identifying cyber defence gaps, recommending changes”, and steer red and purple team engagements.
A spokesperson told iTnews that Wesfarmers’ cyber security team is “being expanded to increase capabilities for responding to, and preparing for, cyber threats”.
“This enhances our understanding of threat actors, tools, techniques and practices to make our systems safer by design and to safeguard critical information, assets and services,” the spokesperson said.
iTnews understands the new cyber fusion centre will not engage in hack-back activities, which remain illegal in Australia.
Under the Cybercrime Act, unauthorised access to, or modification or impairment of, data held on a computer is prohibited, though the Act does not draw a distinction between hacking and hacking back.
In 2018, former director-general of the Australian Signals Directorate and now director-general of security Mike Burgess said companies should steer clear of any hacking back.
“I’ve heard of boardrooms in Australia contemplating the prospect of hacking back to defend themselves against potential attacks.
“That should not be part of any organisation’s cyber security strategy; that would be an illegal act here in Australia,” he advised.