Australia's COVID-19 contact-tracing smartphone app, COVIDSafe, was released on April 26. To adequately support public health efforts, the government set a target of 10 million downloads, equal to 40% of the population. A month later, we are still over 4 million people away from that target.
As individuals debated whether or not to download the contact-tracing app, more and more have been engaging with and listening carefully to security and privacy professionals, including friends and colleagues. Cybersecurity pros are now very clearly influencers, helping society in its quest to save lives.
So how did we get here? Being sought out as a trusted source of advice and guidance outside our own organizations is a far cry from our traditional "department of no" status. Over the past month:
- Individuals have remained cautious and concerned about privacy. This is not at all surprising, since security pros have been educating people on these issues for decades. In Australia, we saw how lack of trust due to prior incidents was used as a reason to not download. Citizens cited the My Health Record debacle, in which over 2 million Australians opted out of having an e-health record, the disjointed response to the census platform crash in 2016, and the government's blunder mid-pandemic with a backflip on claims that the myGov website crashed as a result of a cyberattack.
- But the security community has responded, led by CISOs and even CEOs. ASX 100 CISOs, service providers, and government cybersecurity advisors have actively, and very publicly, supported the app. Andrew Dell, QBE Insurance's CISO, outlined his intentions and reasons on LinkedIn, noting that "It is not a tracking app: it's a contact app and I applaud its construction and the very sensible minimum data set it captures." Lynwen Connick, the ANZ CISO, stated "I am running the COVIDSafe app -- to keep us all safe and return our lives to normal as soon as possible." And National Australia Bank (NAB) added its support for the app via a media release, with CEO Ross McEwan saying he intends to download the app and will send a note to NAB's 34,000 employees about its release.
- Other respected security community members have joined in. Well-respected security professional members have blogged and tweeted to clarify some questions, encouraging community support. The Australian Information Security Association, a 6,000-member-strong organization, released a survey to its members and found that 90% of members who responded to the survey (security professionals) have downloaded the app.
What Does This Mean For Cybersecurity And CISOs?
In the past, cybersecurity's reputation created problems. But as security professionals, we now have the opportunity to change that. How? By being visible, vocal, authentic advocates during this pandemic, and beyond, within both our professional -- and, more importantly -- personal communities. Here's how:
- Use your influence to benefit society. We are in a unique position to help society understand the implications of the app and support the public health of the country -- keeping people safe and returning lives to normal as soon as possible. I've already seen comments such as, "Reading your post, knowing experts such as yourself endorse the app, made me just go and download it."
- Provide practical advice and guidance. Be a steady, calming influence and help the community with their decision making. Use your visibility, experience, and platforms as a bulwark against misinformation and disinformation. This doesn't require a degree in epidemiology or a deep dive on the mechanics of COVID-19. It simply requires a willingness to engage in dialogue, share what you plan to do or have already done, and operate with a degree of transparency that you might not be used to.
- Embrace this moment as your time to shine. I want to go back to this blog's inspiration. During his powerful keynote in September 2019, my colleague Jeff Pollard predicted that 2020 would be cybersecurity's time to shine. Our analytical skills and practice of looking at problems from many different angles don't mean we must remain the department of no. In fact, it's the very opposite. Step up by leveraging your knowledge, expertise, and training to help demystify fact from fiction and help our communities stay safe during these challenging times.
This post was written by Principal Analyst Jinan Budge, and it originally appeared here.