Cyber security now more a human than technical issue

Cyber security now more a human than technical issue

New Zealand organisations are dealing with growing numbers of cyber-attacks let in by their own people but are not doing nearly enough to understand the issue and develop ways to protect themselves, says Origin IT, a leading local expert in information security.

The company’s own experience dealing with hundreds of clients in New Zealand shows around 50 per cent of unidentified emails received by businesses will be opened by employees with around 30 per cent clicking on a link, which in many cases is enough to let in an attack.

Despite this growing threat, the Institute of Directors (IoD) agrees businesses aren’t doing enough to educate their people saying 62 per cent of New Zealand’s businesses are not ready for cyber attacks1.

Michael Russell, CEO of Origin IT says businesses need to think about their people first and technology second to achieve the best information security:

“Our relaxed nature in New Zealand means we’re too trusting and we’ve become a soft target to attacks from anywhere in the world - the way we approach information security needs to change,” he says.

“It is no longer enough to buy the best technology as people have become the weak point, they will make mistakes and let an attack in, whether intended or not.

“It also only used to affect large organisations but now every day we hear of SMEs being hit with damaging and costly results.

“So all organisations need to look at this issue from a people point of view. Information and knowledge is now one of most valuable assets so while the best technology is guarding your front door, your back door is open and your people will let your valuable information out,” he says.

These assertions are backed by PWC’s 2016 Global State of Information Security survey, which placed current and past employees far ahead of hackers as the likely source of security incidents, with current service providers, consultants and contractors closely behind.

Simon Arcus, Chief Executive Officer of the Institute of Directors, says boards need to lead in this digital age:

“We live in a digital world where technology, cyberspace and the Internet of Things bring opportunity and risk. Technological change and innovation are transforming the way businesses is done with most businesses now relying on technology to operate.

“Cyber was ranked number two in the recent IoD NZIER Director Sentiment Survey clearly showing directors remained concerned. Directors need to approach cybersecurity as a whole of business issue. The board’s role in technology governance is about leadership in this new era – put cyber security on the agenda before it becomes the agenda.

“It is also important for directors to ensure its board has the skills and experience to ask management, CIOs, CDO or technology teams the right questions to ensure confidence in the organisation’s resilience.”

The Symantec Internet Software Threat Report 2016 revealed New Zealand having 108 attacks per day last year from ransomware, malicious software that blocks a computer until a sum of money is paid, a 160 per cent increase on 2014.

The Government’s launch of the Computer Emergency Response Team (CERT) in May this year, indicated breaches of cyber security costs the New Zealand economy $257 million in 2015 and affected more than 856,000 New Zealanders.

New Zealand businesses are being targeted by cyber-attacks masquerading as legitimate companies that outwit spam filters and all other technological defences. These increasingly sophisticated attacks fool employees into opening unidentified emails and click links. This can lead to the loss of vital identity and business information, and wide impacts on organisational finances and brand reputation, employees, customers and other stakeholders.

“We want all organisations to be more aware of the issue and how cyber threats operate – if we know this, we can all play a part,” continues Michael Russell.

“As an innovative country there is too much at stake to let our guard down and let attacks in. This issue will affect everyone in New Zealand and it’s our responsibility to protect ourselves and our livelihoods,” he says.

“Effective information security for any business is like the brakes on a car – having them means you can drive safely and faster without problems – having the best security system is actually an opportunity to excel,” he says.

The issue of cyber security and how to address it from a human and technical perspective was discussed at an event in Auckland on 7th July, hosted by Origin with guest speakers from the Institute of Directors, law firm Bell Gully and healthcare company Argenta.

The event covered cyber strategies and issues management, governance and regulatory issues, cyber insurance and discuss case studies from around the world showing how sophisticated attacks are becoming.

Origin’s approach to information security is to review each business, assess vulnerabilities from a human and technical perspective, test solutions, train personnel and then implement, with ongoing support and auditing.

It believes the best cyber security comes from constant review, testing and management and providing affordable solutions, tailored to each business. In 2015, it acquired Optinet, a specialist in data security and networking.

ENDS

© Scoop Media