By Glen Maloney, ExtraHop ANZ Regional Sales Manager
The COVID-19 pandemic thrust ICT infrastructure into the spotlight, as businesses and organisations around Australia raced to migrate their workforces to a remote working model. Cloud-hosted applications can make it easier for organisations to scale up and support employees who’ve been sent home to work, but the technology can come with a significant risk factor.
Application Programming Interfaces (APIs) used to streamline cloud computing processes can be exploited by bad actors to access sensitive corporate and customer data, unless rigorous protection measures are put in place.
Typically, those bad actors will look to home in on two things: inadequate authentication and the increased use of open source software.
The former is often the result of developer oversight or carelessness. APIs which are open to the internet and have poor or no authentication represent a virtual open door for would-be infiltrators looking for an easy ‘in’.
The increased use of open source software, meanwhile, creates a broader vulnerability. While it can be a valuable time saver for hard-pressed developers – why reinvent the wheel, after all? – its widespread use can leave many applications open to supply-chain attacks, where attackers take advantage of vulnerabilities discovered in open-source components to steal data or gain privileges in applications.
Cashing in on coronavirus chaos
Industry watchers are cognisant of the risk. IT research house Gartner posits that within two years APIs will be the most popular ‘in’ for hackers and cyber-criminals, in attacks targeting enterprise application data.
Opportunism has long been this cohort’s sine qua non and current conditions provide a prime opportunity for them to make mischief – and money – at the expense of organisations which may not have their eye on the cyber-security ball.
In late April, the Australian Cyber Security Centre (ACSC) warned cyber-criminals were continuing to target Australians and Australian businesses, through a range of COVID-19 themed scams, fraud attempts and deceptive email schemes. Since the pandemic began in early 2020, the agency has responded to 20 cyber-security incidents affecting COVID-19 response services and major national suppliers in the current climate, and disrupted more than 50 COVID-19 themed web sites.
ACSC Head Abigail Bradshaw noted the speed with which bad actors were able to adapt their techniques to target emerging vulnerabilities, and warned individuals and businesses to remain vigilant in the face of rising threats.
Plugging the API security gaps
Prevention is invariably better than cure. Standard API frameworks which have security at their core – think the Open Cloud Computing Interface and the Cloud Infrastructure Management Interface – should be the basis of any API deployment strategy.
Designing interfaces with authentication, access control, and encryption in mind is basic API hygiene – the high-tech equivalent of regular and vigorous hand washing – as is the protection and non-reuse of APIs.
The final piece of the security puzzle is visibility – into activity on these APIs as well as the entire network and the traffic it carries. Solutions which provide this are a valuable weapon for security staff in the fight to identify and remediate API risks as they emerge. For example, they need to be able to see when a partner’s use of an API starts to deviate from normal, indicating that the partner may be compromised or acting nefariously.
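One way to spot a partner whose API use starts to deviate from normal, as an added example that is not from the article or any vendor product: it baselines each partner's hourly request volume and the endpoints they normally call, then flags a volume spike or a never-before-seen endpoint. The log tuple format, partner names, endpoints and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev


def build_log():
    """Constructed sample data: one (hour, partner, endpoint) tuple per request.
    Hours 0-5 are the baseline window; hour 6 is the window under review."""
    log = []
    for hour in range(6):
        log += [(hour, "partner-a", "/v1/orders")] * (20 + hour % 3)
        log += [(hour, "partner-b", "/v1/invoices")] * (10 + hour % 2)
    log += [(6, "partner-a", "/v1/orders")] * 21            # in line with baseline
    log += [(6, "partner-b", "/v1/invoices")] * 11          # in line with baseline
    log += [(6, "partner-b", "/v1/customers/export")] * 90  # new endpoint, high volume
    return log


def find_deviations(log, review_hour, z_threshold=3.0):
    """Compare each partner's activity in review_hour with their own history."""
    counts = defaultdict(lambda: defaultdict(int))  # partner -> hour -> requests
    baseline_endpoints = defaultdict(set)           # partner -> endpoints seen before
    review_endpoints = defaultdict(set)             # partner -> endpoints seen now
    for hour, partner, endpoint in log:
        counts[partner][hour] += 1
        if hour < review_hour:
            baseline_endpoints[partner].add(endpoint)
        elif hour == review_hour:
            review_endpoints[partner].add(endpoint)

    alerts = []
    for partner, per_hour in counts.items():
        history = [per_hour[h] for h in range(review_hour)]
        mu = mean(history)
        # Floor the deviation at 1 so a very steady (or empty) baseline
        # neither divides by zero nor alerts on a one-request change.
        sigma = max(pstdev(history), 1.0)
        z = (per_hour[review_hour] - mu) / sigma
        if z > z_threshold:
            alerts.append((partner, "volume", round(z, 1)))
        new = sorted(review_endpoints[partner] - baseline_endpoints[partner])
        if new:
            alerts.append((partner, "new_endpoint", new))
    return alerts


if __name__ == "__main__":
    for alert in find_deviations(build_log(), review_hour=6):
        print(alert)
```

In practice the baseline window would span days or weeks and account for time-of-day patterns; the per-partner comparison is the part that matters.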
Prioritising protection for cloud applications
Cloud computing processes continue to demonstrate their value, as Australian energy businesses pivot to embrace remote working models at unprecedented speed. Ensuring APIs are well secured will see local enterprises well placed to enjoy the benefits the cloud computing model can deliver, without opening themselves up to avoidable risk in the process.