NZ Underspending On Cyber Security
NZTech chief executive Graeme Muller says it was great to see an increase in spending on cyber security in the Budget but more is needed as the economy rapidly becomes more digital.
The risk of not investing enough in cyber security is an increasing amount of financial loss by businesses, risk of catastrophic infrastructure shutdowns, like the Waikato hospital last year, and identity theft of Kiwis, he says.
The government agency tasked with providing cyber resilience support to private sector organisations and individuals, CERT NZ, was provided $30 million in the Budget.
This funding, over four years, will support the completion of work on the cyber resilience measurement framework, uplift the cyber smart programme, pilot a victim remediation service and fund the development of a technology solution to make it easier for individuals and organisations to report and respond to cyber incidents.
CERT NZ has just released its first quarterly report for 2022 providing an overview of the 2333 reported cyber security incidents impacting New Zealand.
The report shows that phishing and credential harvesting continue to grow and be the most common means of entry for cyber attacks.
Phishing (pronounced: fishing) is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information, such as credit card numbers, bank information, or passwords, on websites that pretend to be legitimate.
There were seven incidents where people were scammed out of more than $100,000, including unauthorised access to business emails, a romance scam and an investment scam.
The Budget also included cyber security investment of $18 million over four years for the government communications security bureau (GCSB) to allow the national cyber security centre to maintain and improve its cyber security and information security services that help protect New Zealand’s most significant information infrastructures from the increasing frequency and severity of cyber attacks.
Other government agencies also received multiyear budget funding to increase cyber security including the Ministry of Education ($27 million), the Ministry of Justice ($12 million), the Department of Corrections ($59 million), the New Zealand police ($24 million) and the Serious Fraud Office ($1 million).
In comparison, the Australian government announced a $9.9 billion investment in cyber security in their federal budget and the US president’s budget request lifted cyber security spending 11 percent for 2022, spending $10.9 billion on civilian cyber security alone, Muller says.
“While you could argue that they are much larger countries, our cyber security investment is in millions not billions.
“Ernest Rutherford once said ‘we haven’t the money, so we’ve got to think’. NZTech and Brightstar Events are hosting the eighth annual NZ cyber security summit in July bringing together tech leaders, cyber professionals, entrepreneurs and the government to share insights on the latest attacks and the latest technologies and methods of defence.
“One of the keynote speakers, cyber tech entrepreneur Andy Prow, will be sharing his experience of building a successful global cyber security company from New Zealand, and the importance of expecting our digital world to be as safe as our physical world.”
Other speakers include Nadia Youssef, the incident response manager at CERT NZ, Helaman Tangiora, head of digital transformation at Tainui Group; and Michael Jagusch, from the National Cyber Security Centre.