CERT NZ receives highest number of reports for quarter yet
The latest threat report released by
CERT NZ today shows over 700 cyber security incidents were
reported from 1 April to 30 June - the largest ever volume
for a single quarter – cementing CERT NZ’s role as a
central coordinator in New Zealand.
Phishing reports are also up significantly this quarter; from 196 in quarter one, to 455 in quarter two. This leap in reporting comes from closer collaboration with the financial sector, and has enabled us to get a better picture of the phishing campaigns that constantly target New Zealanders.
“The rising number of reports we are seeing demonstrates the growing level of trust for CERT NZ as a central front door for cyber security issues,” says CERT NZ Director Rob Pope. “But the volume of incident reports is only one aspect of the work we do, and this quarter CERT NZ is pleased to be able to share deeper analysis and categorisation of reported vulnerabilities.”
A vulnerability is a weaknesses in software, hardware or an online service that can be exploited to damage a system or access information. 69 vulnerability reports were received over quarter one and two of 2018, with 15 handled under our Coordinated Vulnerability Disclosure policy (CVD).
Mr Pope encourages all organisations to have a plan for vulnerability reports, “A little careful planning and talking to us ahead of time is likely to make the process much less painful for everyone involved.”
CERT NZ values working with people and organisations at all levels of the cyber security ecosystem within New Zealand, and thanks to the data received through reporting, CERT NZ is able to drive other key initiatives. For instance, in quarter two, CERT NZ received a report from an online e-commerce store that had repeatedly suffered breaches over the course of a year.
“We were able to help them identify the key areas where their website’s security was falling short and to understand why these weaknesses hadn’t been resolved by their temporary and partial fixes,” says Mr Pope. “With guidance from our team, they were able to take steps to resolve the weaknesses and keep the attacker out for good.
“It’s information from cases like this that enable us to create data-driven content that helps Kiwis stay resilient to cyber security threats. When we saw that New Zealand business websites were experiencing issues, we used this information to create a focused guide for businesses, with key measures they could take to protect themselves.”
The CERT NZ guide to
securing business websites is available on the CERT NZ
For more insights into what CERT NZ has seen in the New Zealand threat landscape in quarter two 2018, see the CERT NZ Quarterly Report [link]. If you or your organisation experiences a cyber security issue report it to CERT NZ at www.cert.govt.nz