QUAD catching up to global IT security threats in a post Covid world
One of the most noticeable consequences of Covid-19 is the massive increase in global reliance on technology to provide critical products and services. In the midst of a pandemic outbreak, it is not even safe for our most vulnerable members of society to venture to the bank to pay a bill, to the chemist to collect a prescription and even sometimes to the grocery shops. In many circumstances infected (and potentially infected) people are unable to leave their houses at all for weeks.
Along with the worldwide need to work from home, this pandemic and ensuing restrictions have clearly led to a massive need for people to consume online and delivery services instead of traditional shopping.
While this boom has been great for both delivery and technology service providers, and the many companies that have already invested heavily in the innovation required to meet this demand, the surge created has cased huge increases in the opportunities for cybercriminals to ‘cash in’.
Accelerating security impacts
The ACCC have observed an increase in reports of scams from an average of 13,983 scam reports per month in 2019 to an average of 30,572 in the last 3 reporting months of 2021 (June-Aug): https://www.scamwatch.gov.au/scam-statistics?scamid=all&date=2021 This shows that there has been more than double the activity of scammers recently. This coincides with the timeline many Australians have been forced into lockdowns in both New South Wales and Victoria.
While most of the scams are phishing scams there has been a recent large uptick in hacking scams as well:
Given all this hacking activity, and the global nature of modern fraud, you’d hope that somewhere there are people waking up to the threats, not just to individuals, but also to the businesses, organisations and government’s departments that provide all these critical IT services we are now SO dependent upon. The problem is a world-wide issue that will take international leadership and efforts to start to solve.
What have the ‘QUAD’ announced
The QUAD (also known as the ‘Quadrilateral Security Dialogue’ or ‘QSD’) are a group of four democratic countries; Australia, India, Japan and the United States who have joined to provide a strategic forum aiming to work towards a free, open, prosperous and inclusive Indo-Pacific region.
Recently, the QUAD released a document, ‘Quad Principles on Technology Design, Development, Governance, and Use’, that outlines their vision for Technology.
As well as promoting fairness, innovation, interoperability and resilience to supply chains one of the big focus points is what they say about security. With respect to security values, they say
Technology should not be misused or abused for malicious activities such as authoritarian surveillance and oppression, for terrorist purposes, or to disseminate disinformation.
And with respect to building trust in technology they say
We expect technology suppliers, vendors, and distributors to produce and maintain secure systems, and to be trustworthy, transparent, and accountable in their practices. Technology developers should also build in safety and security-by-design approaches so that robust safety and security practices are a part of the technology development process. Illicit transfer or theft of technology is a common challenge that undermines the very foundation of global technological development and should be addressed.
Read the announcement in full here: https://www.whitehouse.gov/briefing-room/statements-releases/2021/09/24/quad-principles-on-technology-design-development-governance-and-use/
Why do we believe this is so important to what we do at Innablr?
No matter what, every large organisation needs technology in some form, and every single one of those organisations will aim to get features in front of their end consumers as quickly and painlessly as is possible usually with the help of many suppliers, including Innablr.
As best practice advocates, we strongly believe this race to get features in front of customers must be tempered by recognition that accelerating efforts and sophistication of those working against the values of the Quad are not ignored. In fact, I would strongly argue experts like Innablr must double down on our efforts to advocate for accelerating our client’s cloud and toolchain security capabilities to match the increasing threats.
Our CTO and Engineering Manager, Prateek Nayak says “Security is always one of the greatest unknowns. Beyond simply box-checking, at Innablr we love to work collaboratively with our clients to ensure vulnerabilities and risks are identified and understood so that we can work directly with them to provide assurance that they no longer present a risk to their systems, data and customers. With our Cloud Governance and DevOps background we are incredibly experienced at doing this all over Australia in all sorts of industries!”
I couldn’t have put it any better!