Thursday 05 May 2016 02:49 PM
Industry to advise on new cyber crime unit; SMEs credentials scheme planned
By Fiona Rotherham
May 5 (BusinessDesk) - Communications Minister Amy Adams is setting up a private sector advisory board to help set up and run the new national Computer Emergency Response Team and introducing a cyber credentials scheme for small businesses later this year.
In a pre-budget announcement this morning, Prime Minister John Key told the country’s first ever Cyber Security Summit in Auckland that the government will spend $22.2 million over the next four years to help combat cyber crime, which is estimated to impact more than 856,000 New Zealanders each year.
The national CERT will help prevent and act on cyber incidents in partnership with the private sector and other organisations.
Attacks can range from computer viruses and malware, credit card fraud, online scams, phishing and identity theft through to full-scale incidents such as the leaking online of company information experienced by Sony Pictures, the theft of credit card details from more than 110 million customers of US department store Target, or the shutdown of Ukraine's power grid.
A recent report indicated cyber crime cost New Zealand’s economy $257 million in 2015, though Adams said she suspects the real cost may be higher still.
The Government’s National Cyber Security Centre logged 316 incidents in the year to April 2016, up from 190 in the 12 months to June 2015. Adams said in a typical month the GCSB through Project Cortex detects seven potentially significant cyber intrusions affecting one or more substantial New Zealand organisations.
“Cyber crime is now bigger than the drugs trade internationally,” Adams said, and New Zealand businesses and boards need to manage their own risk with a cyber crime strategy that doesn’t just sit within IT.
Adams said CERT, which is being modelled on similar units in other countries, will be a one-stop shop for incident response to cyber crime – taking reports for analysis and referring incidents to the right agencies. It will also pass on to companies an informed picture of the cyber security threat in “real time”, she said.
“Most cyber incidents emanate from other countries so offshore coordination will be important,” she said.
CERT NZ will initially sit within the Ministry for Business, Innovation and Employment to get it up and running quickly but Adams said that’s unlikely to be its long-term structure.
She’s opened applications for private sector experience for a CERT advisory board as “it won’t reach its full potential without a strong private sector voice”.
Adams also wants to build the cyber capability of small and medium-sized enterprises as international research shows cyber criminals are increasingly focusing on smaller firms.
A US study found 60 percent of SMEs went out of business within six months of a data breach. “The per capita cost of cyber crime for small organisations is three times greater than for a large organisation,” she said.
Adams said she wanted a cyber credentials scheme up and running by later this year to assess whether companies have basic cyber protection in place that they could then publicly demonstrate to customers and suppliers.
Similar to the UK’s Cyber Essentials scheme, it will involve self-assessment and independent verification through a certification process.
In 2011, the government launched its first ever Cyber Security Strategy and opened a National Cyber Security Centre to help defend government agencies and critical infrastructure providers against cyber threats.