Cert NZ receives 364 incident reports in first three months of operation
By Paul McBeth
Aug. 10 (BusinessDesk) - The government's Computer Emergency Response Team (Cert NZ) received 364 incident reports in its first three months of operation in what is hoped will build into a major database relating to cyber-security issues.
Of those incidents reported in the three months ended June 30, about 34 percent were phishing attacks, although the global WannaCry event in May triggered a spike in ransomware notices in the following week, the Wellington-based agency said in its maiden quarterly report. Director Rob Pope said it was too early to draw any conclusions from the data, although the incidents were spread across industries and entities of different sizes, and show no real concentration of attacks.
"The way the categories have fallen out reflects very much international trends," Pope told BusinessDesk. "The report actually does give us a visibility on real events in New Zealand now which is a good thing and we hope to use that as a platform progressing and evolving our future reports."
Cert NZ launched in April, acting as a one-stop shop for New Zealanders and local entities to find information on how to deal with cyber-security events, acting as a go-between for individuals, government agencies and businesses both big and small. It's responsible for monitoring, tracking and advising on cyber security incidents, and if it's granted permission, can pass on information to relevant agencies.
Cert NZ responded directly to 286 incidents in the quarter and referred eight to Netsafe and 70 to NZ Police.
As the cyber-security unit's database grows it's expected to analyse that information to create proactive guidance and advice for users. Pope said it's difficult to predict when that tipping point comes, and that Cert NZ's "first measure of success will be getting a consistently growing number of reports."
About 28 percent of people reporting incidents suffered financial loss, amounting to almost $732,000 in the quarter. That was through data loss, direct financial costs, reputation or technical damage, or lost productivity.