Stewart Stacey, an Indigenous cyber security expert, says the work from home model during the COVID-19 pandemic has presented cyber criminals unprecedented opportunities to target businesses, making the pandemic "a cyber security crisis".
Binary Security is one of a handful of Indigenous businesses involved in cyber security. For this company and Stewart Stacey, its founder and CEO, 2020 started brilliantly.
"Business was going so well, we'd just opened a new branch in Adelaide at the beginning of the year. The first one out of Darwin," Mr Stacey told NITV Radio.
Then, out of the blue, the tentacles of the COVID-19 pandemic that were spreading across the world reached the Australian shores.
- With many employees working from home due to COVID-19, incidents of cyber attacks, such as phishing, have increased
- Cyber security expert Stewart Stacey says the weakest link in the cyber security is "always the human link" if they are not trained to identify cyberthreats
- In response to increased online threats, the cyber security industry has devised novel solutions to safeguard businesses
As drastic safety measures were implemented to contain the pandemic, the company had to close its branches and move its operations online to adapt to the work from home model.
“We’ve had to adapt and move online, not the best way to do business, but that’s the only option that was left for us,” Mr Stacey says.
He explains that for most businesses the transition was as much the result of government-imposed bio-safety measures but also a consequence of tremendous pressures from employees afraid of getting infected with the virus during their daily commutes to or from work.
He says many corporations had so far resisted the push for letting employees work from home to minimise exposure to cyber threats which began to mount once the employers relented.
“As expected, the scramble to adopt the WFH practices has pushed the number of reported vulnerabilities skyrocketing."
Mr Stacey says some companies only felt safe to let their employees work remotely as long as they were able to provide them with adequate hardware loaded with company approved programs and strong security software.
But, the supply of equipment could not keep up with the dazzling speed of adoption of WFH.
“To complicate matters,” he observes, “a few large companies put in large orders of laptops and computers to distributors around Australia draining stocks quite early in the crisis.”
While unable to source new equipment and under tremendous pressures, many companies were forced to allow their employees to use their personal laptops and computers while working from home.
These businesses had to keep their doors open somehow and cash flowing. So, they took the risk, which increased their vulnerability dramatically in the process.
COVID-19 email scams have gone through the roof in every country.
"These companies had no control over their employees’ equipment and had no idea whether it was already compromised with viruses or other malware.”
“Most Information Communication and Technology teams are having a heart attack when faced with the situation whereby staff are using their own computers for work, simply because they don’t have any control over this equipment.”
As a cyber security professional, Mr Stacey says that a lot of companies, especially the smaller ones or the less funded ones, don’t have ICT teams.
“What we are finding is that organisations that are less generously funded concentrate more on their core business. Cybersecurity is not a high priority in their expenses.”
“As expected, the scramble to adopt WFH operations has pushed the number of reported vulnerabilities skyrocketing.”
“Hackers are taking advantage of the situation. COVID-19 email scams have gone through the roof in every country. It is basically what we’d call a cyber security crisis.”
Mr Stacey says human weaknesses add a significant layer of vulnerability to businesses in the face of already increasing cyber-attacks. He identifies phishing as "the most insidious trap" that catches unprepared or untrained people regularly.
“As we say in the profession, the weakest link is always the human link. Companies can install as much anti-virus software as they want. At the end of the day, if they don’t train their staff to identify security threats they are going to get hit."
The pandemic has created new opportunities and call on First Nations people to come on board
On the other hand, Mr Stacey says, the increased demand for online working and concomitant security risks have presented new opportunities for the cyber security industry with many companies expanding the services to include novel IT solutions, and services particularly focused at warding off cyber threats aimed at small businesses.
Mr Stacey stresses that Indigenous businesses are as vulnerable as any other business as they use the same technology as everyone else.
However, he says Indigenous businesses are among the less generously funded and the least likely to dedicate high proportions of their budgets to cyber security expenses.
Stewart Stacey would like to see more Indigenous people and businesses engage in high-tech industries including cyber security and move away from land-based activities which, he believes, have become the default fields of work for First Nations people.
“We are really lacking in these fields and we really would like to change that.”