QR-code check-in apps are "a breach waiting to happen"
If anyone had predicted half the things that happened in 2020, we should be paying them a lot to give us predictions for 2021! Going into 2021, we should expect many of the key cybersecurity trends from this year to continue in Australia.
Increase in attacks taking advantage of the new reality
Distracted workers, global pandemic, cost pressures from recession, remote access, accelerated adoption of cloud services. Each of these alone would be cause for concern for cybersecurity professionals. All these macro trends happening simultaneously requires us to have the highest level of vigilance against those who would take advantage of these situations.
Threats in 2021 will continue to target the weakest link in the chain – the human element. Three areas for potential concern in Australia include:
COVID-19 check-in apps – Over the past six months, Australians have become accustomed to using smartphone cameras to scan QR codes for contactless signing in when visiting COVID safe businesses, such as restaurants, cafes or gyms. This is a breach waiting to happen. Many of the apps aren’t well built, yet we’re putting all our personal details into them. All businesses should be forced into using the same regulated app, such as the one from Service NSW, that has been adequately secured.
Contact tracing – There will be an increase in scams targeting contact tracing in Australia, with opportunistic cybercriminals acting as contact tracers to get personal details out of unsuspecting victims. How do victims really know who is calling them? Most likely there will be some critical information sought after, such as credit card details, passport numbers or other details.
COVID-19 vaccines – With Australia speeding up its production of vaccines, as well as interest in those being developed overseas, malicious campaigns are likely to surface that take advantage of the heightened awareness (and hope!). Victims may be asked to sign up to secure their spot to receive a vaccine whenever it's released, with the aim to phish personal details out of people.
All of these malicious campaigns really highlight the need for a greater focus to be placed on cybersecurity awareness, education and training.
Shortage of key resources to help mitigate security issues
Security executives will need to achieve the same level of security or more with tighter budgets in 2021. There will also be a continued shortage of cybersecurity talent in Australia despite the recession and COVID-19 job losses.
It’s worth highlighting that Australia’s Cyber Security Strategy 2020 recognises this and is pushing business and government to focus on tackling this problem. Specifically, the Cyber Security National Workforce Growth Program promises to help businesses build a strong workforce of skilled professionals. It will be underpinned by a $26.5 million Cyber Skills Partnerships Innovation Fund to encourage businesses and academia to work together to find innovative ways to improve cybersecurity skills in Australia.
Increased focus on zero trust to secure distributed enterprises and remote workers
COVID-19 and the transformational pressure it has created on work habits and environments will continue to place corporate endpoints predominantly outside the network perimeter in 2021. This will increase the attack surface of organisations.
To reduce the security risk in these environments, a zero trust approach will be the big focus for organisations in Australia next year to provide secure, reliable and fast access to cloud or on-premises applications and workloads from any device and location. This ensures only the right person, with the right device and the right permissions, has access to company resources.
Migration to cloud will continue at full speed, but security mustn’t take a back seat
COVID-19 forced many companies in Australia to significantly accelerate their migration to cloud services to address lockdowns and remote workers. Two key trends will continue in 2021. First, new applications will be delivered as SaaS instead of on-premises implementations. Second, and more importantly, existing on-premises applications are migrating faster to cloud.
While riding this wave of cloud adoption, don’t let security take a back seat due to budget and resource constraints. Make sure you know who is responsible for the security of infrastructure, workloads and assets in the cloud. Many don’t fully understand the responsibilities of both their organisation and public cloud provider, which could leave gaps. Threat protection must get the attention it deserves to avoid causing reputational and financial damage at a time when most companies can least afford it.
Mark Lukie is sales engineer manager in APAC for Barracuda