Cyber security issues down in Q1, still second highest to date
By Rebecca Howard
July 10 (BusinessDesk) - The number of cyber security issues reported in the March quarter fell 26 percent from the prior quarter but was still the second highest to date, the government's Computer Emergency Response Team said.
The Crown agency responsible for tracking, monitoring and advising on cyber security incidents registered 992 incidents, down from the record 1,333 in December quarter.
“This quarter we’ve worked with close to 1,000 Kiwis, from Invercargill to the Bay of Islands, to help them recover from cyber security incidents and build their resilience to new and evolving cyber security threats. In 2019, we’re focused on building that resilience even further," Cert NZ director Rob Pope said.
The incidents led to $1.7 million in direct financial losses, the lowest since the third quarter of 2017, the agency said. Organisations reported 61 percent of all direct financial loss and individuals reported 30 percent. Scams and fraud accounted for 75 percent of the financial losses.
Of the 992 incidents, 154 were referred to the police, one was referred to Netsafe, one was referred to the National Cyber Security Centre and eight were referred to the Department of Internal Affairs.
Another 191 events were automatically directed to other agencies and not recorded as an incident by Cert NZ. That happens when an incident is immediately identifiable as being outside Cert NZ’s scope and best dealt with by an agency with the right expertise, for example cyber bullying and online child abuse.
The first quarter saw 96 reported unauthorised access incidents, up 19 percent from the December quarter and the highest to date. Just over two-thirds involved individuals and 30 percent of those incidents involved financial losses totalling $329,000.
Attackers targeted a range of account types, including online banking, social media, cloud services and email. They do this for financial gain and to collect private information about the account holders and their contacts, Cert NZ said.
“It’s easy to trust our email and other online accounts, assuming that a password will be enough to keep us protected. Attackers rely on this trust and exploit it to gain access to personal and corporate accounts. In many cases this can result in the loss of personal information and more," said Pope.
Cert NZ recommends setting up two-factor authentication to accounts to add an extra layer of security.
The agency noted that while scam and fraud incidents decreased to 33 percent of all reports, down from 50 percent in the final quarter of last year, they still accounted for most of the financial losses.