More than 856,000 (or one in five) Kiwis are affected by cybercrime each year, at an estimated cost to New Zealand of $257 million in 2016, according to Microsoft.
Breaches in cyberspace are commonplace today and cyber security is becoming increasingly more prioritised by businesses as a result.
New Zealand’s National Cyber Security Centre (NCSC) exits to assist nationally significant organisations including government departments, key economic generators, niche exporters, research institutes and operators of critical infrastructure, with specialist information security services, advice and support.
It defines a cyber-security incident as an “occurrence or activity that appears to have degraded the confidentiality, integrity or availability of an information infrastructure”.
In its 2016/17 report, the NCSC stated that New Zealand faces both direct and indirect cyber threats.
“The connectivity and speed of the internet has brought New Zealand closer to international customers, but it has also brought us closer to the global domain of malicious cyber actors,” it says.
“An accident at a nationally significant organisation is likely to have a wider impact on the functioning or administration of a key government or economic sector.
“Organisations should be aware of the risks that come with IoT, and demand baked-in security from providers and vendors.”
The report points out that modern organisations often rely on technology systems that are highly connected and in many cases, allow a range of third parties to access parts of their network (lawyers, accountants, suppliers, customers, and managed ICT and security providers). “Immunity of the herd will be critical to managing cyber risk.”
It identifies public attribution as one way to reduce the efficacy of malicious cyber actors, by revealing their tools or increasing the reputational costs of intelligence legitimacy.
“Underpinning insecurity in cyber space are many non-technical economic, social and strategic factors. For example, a consumer who places price ahead of security diminishes the economic incentive of businesses to improve the security of their products.”
In its independent evaluation it estimated the potential cost of advanced cyber harm on New Zealand’s nationally significant organisations to be in the order of $640million annually.
In 2017 the NCSC delivered a new advanced cyber defence (CORTEX). “The variety and seriousness of cyber threats from statesponsored and other malicious actors continues to evolve and the NCSC will continue to adapt to meet them,” NCSC director Lisa Fong said in the 2016/17 report.
The NCSC aspires to a strategic goal of “impenetrable infrastructure” by 2020.
The truth is, no one is ever 100 percent protected from hackers and online scammers — but there are things we can do to lessen our chances of an attack.
Good cyber security involves the following:
- Determining what assets you need to secure.
- Identifying the threats and risks that could affect those assets or your business overall.
- Identifying what safeguards you should put in place to deal with threats and secure assets.
- Monitoring your safeguards and assets to prevent or manage security breaches.
- Responding to cyber security issues as they occur (such as an attempt to break into business systems).
- Updating and adjusting to safeguards as needed (in response to changes in assets, threats and risks).
How cyber secure are you/your business?
- Are your software and operating systems kept up to date?
- Are your wireless networks secure?
- Have you set up firewall and other security?
- Do you have secure access to your devices and computers?
- How educated are you and your employees on cyber security?
By Lydia Truesdale