Cyber Attacks On The Rise In NZ - International Expert Urges Businesses To Get Familiar With Cyber Risks
With the number of recorded cyber security attacks and incidents across the country climbing 15 per cent over the last year, a leading global cyber security commentator is urging Kiwi businesses and organisations to better understand their cyber security risks, many of which need urgent review due to significant changes in the threat landscape.
Adam Boileau, executive director of Security Testing and Assurance at CyberCX, believes organisations are assessing their cyber security risk based on outdated information rather than keeping pace with the fast-changing world of the cyber threat landscape, which is currently made up of private and state-sponsored professional hackers.
The National Cyber Security Centre (NCSC) has released data showing NZ recorded 404 cyber incidents over the last year affecting ‘nationally significant organisations’. The incidents included ransomware, denial of service attempts and attacks on infrastructure. One of the most high-profile attacks was a breach of the Waikato District Health Board in May, which crippled the region’s health service at a time of extreme vulnerability, and exposed confidential patient data.
Adam says as attackers operate in an increasingly commercialised and commoditised way, the chance of cyber attacks is far higher.
“The motivation, resourcing, and ways in which attackers work have changed. There are multiple marketplaces for compromises, data and access. Along with changes in the geopolitical landscape, the ability for cyber attackers to make a profitable business of global, digital crime means organisations are more at risk than ever,” Adam says.
“When it comes to minimising risk, business leaders need to be allocating at least the same amount of time and resources to protection from cyber threats as they do for maintaining other key parts of their business. Looking after people’s data and personal information, protecting a business’s intellectual property and ensuring the availability of service has never been so important”.
The NCSC estimates their intervention prevented approximately $119 million worth of harm to nationally significant organisations in the year ending July 2021, however, businesses across New Zealand remain exposed to the risk posed by hackers sheltering out of reach of Western law enforcement, including in Russia, China, North Korea and Eastern Europe.
Adam says New Zealand is definitely on the radar of cyber attackers, and shouldn’t be fooled into thinking it is protected due to geographical isolation.
The NCSC’s report says people behind ransomware threats continue to adapt how they work and the tactics they deploy to maximise their profits. Adam Boileau says investing in cyber infrastructure needs to be constant, particularly as we work remotely and online in the pandemic.
“Now more than ever we’re relying on technology to run our businesses and our lives. Gone are the days where everything was on paper and filed away. Imagine waking up and losing access to everything - your bank accounts, data, customer/patient data, your entire operation. This is not a distant threat, it’s a real-life situation that businesses need to be constantly considering”.
He says that at the beginning of 2020, most businesses wouldn't have had a pandemic response plan. Most had to scramble and some fell at this hurdle. When it comes to cyber security, instead of waiting for an incident to affect them, businesses need to learn from experience and begin planning their response today, as well as assessing the true risk and cost to their operation if they were to be hacked.
ABOUT ADAM BOILEAU:
Adam has conducted comprehensive security reviews across a large range of industries and organisations for over twenty years. He has a deep interest in cyber security, past history, current events and future trends. Adam is executive director of the Security Testing & Assurance practice at CyberCX New Zealand and co-hosts the award-winning weekly information security news podcast Risky Business. He is a renowned and sought-after speaker and expert consultant on cyber security both in New Zealand and in the international community.
ABOUT CYBERCX:
Launched in October 2019, CyberCX brought together the leading cyber security experts from across Australia and New Zealand to become the leading end-to-end cyber security service provider in the Southern Hemisphere. With a workforce of over 900 professionals, across 20 locations, we help private and public sector organisations of all sizes realise the opportunity of better cyber security in an increasingly complex and challenging threat environment.
CyberCX exclusively manages cyber risk, offering a comprehensive set of services: consulting and advisory; governance, risk and compliance; incident response; penetration testing and assurance; security integration and engineering; cloud and identity security; managed security services and cyber security training. Visit www.cybercx.co.nz to find out more.