Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

The cyber security war: How NZ businesses are affected

25 November 2019
The cyber security war: How New Zealand businesses are affected
New research on cyber threats facing New Zealand organisations

More than a third of NZ businesses have been hacked in the past year.
42 percent of businesses expect their company will be hacked in the next year.
20 percent of businesses said they would pay a ransom between $10,000 – $20,000 to retrieve stolen data. Almost one in 10 would pay more than $50,000.
One in three Kiwi businesses haven’t assessed the impact a hack would have on their company.
Only half of businesses are aware of impending New Zealand Privacy Bill changes involving mandatory breach notification.

Research released by Aura Information Security shows New Zealand businesses are feeling the wrath of cybercriminals with more than one third experiencing a cyber-attack in the past 12 months, a 10-percentage point increase on last year.

Kiwi businesses believe the situation is only going to get worse with 42 percent expecting their company to fall victim to a cyber-attack in the year ahead.

These statistics have emerged from a survey which polled more than 360 IT decision makers on their experiences of cyber issues in their business, ranging from SMEs to large corporates, right across New Zealand.

Aura Information Security General Manager, Peter Bailey, says business has never been better for cybercriminals.

“Sadly, cybercrime does pay – and it pays well. Hackers have an ever-expanding skillset and it’s getting easier for them to find weaknesses in business networks and staff emails that allows them to gain access to large quantities of personal and financial data.”

The prevalence of advanced ransomware is funding hackers across the world, and it highlights the value of data. While almost 40 percent of respondents would not pay a ransom, 20 percent of Kiwi businesses said they would be prepared to hand over between $10,000 and $20,000 to regain access to their data if it was locked or stolen. Almost one in 10 businesses would fork out more than $50,000 if faced with a ransomware attack.

“Intelligent automation means most attacks these days start with little human involvement. These probes run around the clock and only alert the hacker once a weakness is identified. That makes cyber-attacks highly efficient, as the hacker only need focus on ‘qualified leads’, when their malware has already made its way into your systems,” says Bailey.

With the increase in automated malware, there should also be an increase in businesses undertaking regular penetration testing notes Bailey. Unfortunately, this isn’t the case, with less than half of Kiwi businesses undergoing system penetration testing in the last year.

“Penetration testing is vital to ensuring secure systems. It allows businesses to patch holes in weak areas and help to prevent hackers from gaining access. Without that, your business can be open to a security breach.”

Bailey confirms the threat of a breach is always present.

“Cybercrime is a constant fact of our modern life. Your technology is being probed all the time and you may very well experience an attack. All it takes is a moment’s inattention, a single unsecured machine or uninformed employee, and even the best of defences can be compromised.

“Cyber security is only as strong as the weakest link, but with the majority of organisations not understanding current password best practice, we’re not off to a great start.”

Privacy Bill updates will take some businesses by surprise

Bailey was surprised to find that only half of Kiwi businesses are aware of the impending Privacy Bill changes on mandatory data breach notification.

“This is an alarming statistic considering 20 percent of businesses are not prepared to notify customers in the event of a security breach, despite the fact they will soon be legally required to do so. What’s even more concerning is this number is up from 17 percent in 2018.

“Another worry is that almost a third of New Zealand businesses are not assessing the impact a significant breach would have on their organisation. Not only are these organisations putting their head in the sand, they could also face some hefty fines if they are introduced as part of the changes to the Privacy Bill,” says Bailey.

More than half of respondents said the prospect of large legal fines would lead them to review their cyber security protocols.

“With the implementation of similar legislation in Europe and Australia over the past few years, we are just starting to see the positive impact this can have. As the proposed fine regimes for New Zealand are significantly lower compared to other countries, it will be a waiting game to see whether this change has a significant impact or is enough of a deterrent for businesses.
“When it’s all said and done, money talks. I’d love to see the introduction of fines be included in the Privacy Bill updates in 2020,” Bailey notes.

Head in the clouds

The report also revealed an unfounded sense of trust in cloud storage. Three in five businesses store data in the cloud, and 55 percent of businesses trust the person who built or administered their cloud environment did so securely.

“So many businesses have embraced cloud data storage, believing that placing their data in the cloud takes away all of their responsibility for security, when in reality this couldn’t be further from the truth,” notes Bailey.

“It is important businesses understand the joint role necessary to ensure data is secure. The cloud doesn’t automatically mean your data is safe, and businesses still need their own data security policies in place. Never place all your trust in the cloud.”

Taking cybercrime seriously

Bailey says he is encouraged that more businesses are taking cybercrime seriously.

“It used to be that cyber security was only a job for the IT department, not something for senior executives to put on the agenda. I’m pleased to see more than 90 percent of respondents say their Board or senior management is now engaged in cyber security, and two thirds say senior management see cyber security as a key concern or risk.”

The fact that 70 percent of respondents to Aura Information Security’s survey expect cyber-attacks to become more frequent and more sophisticated is a sign that organisations are beginning to understand the growing threat.

“Businesses recognise the dangers and now they must prepare for them. They should actively seek the weak points in their system with regular penetration testing so they can patch things up before hackers get a chance to attack.

“It’s also important to prepare for the worst. Assess the impact a data breach would have on the business and be sure to have a response plan in place, so you know what to do if your network is compromised,” says Bailey.

ENDS

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

Reserve Bank: Policy Lessons From A Year Of Covid-19

The Reserve Bank of New Zealand – Te Pūtea Matua was in a sound position to continue to meet its mandate in the face of the COVID-19 induced economic shock. However, we must continue to transform so as to remain relevant and effective in addressing longer-term challenges, Reserve Bank Governor Adrian Orr said... More>>


Transport Industry Association: Feb 2021 New Vehicle Registrations Strongest On Record

Motor Industry Association Chief Executive David Crawford says that the February 2021 figures are the strongest for the month of February ever. Registrations of 12,358 were 8.0% up on February 2020. Year to date the market is up 7.1% (1,735 units) compared to the first two months of 2020... More>>

Paymark: Lockdown Equals Slowdown For Some

The three days of lockdown for Auckland earlier this month made a clear impression on our retail spending figures. While only Auckland moved into Level 3 lockdown, the impact was felt across the country, albeit at different levels. Looking at the ... More>>

Infrastructure Commission: Te Waihanga Releases Report On Water Infrastructure

The New Zealand Infrastructure Commission, Te Waihanga’s latest discussion document highlights the importance of current reforms in the water sector. Its State of Play discussion document about water infrastructure is one of a series looking at the ... More>>


OECD: Annual Inflation Picks Up To 1.5% In January 2021 While Euro Area Records Sharp Increase To 0.9%

Annual inflation in the OECD area picked up to 1.5% in January 2021, compared with 1.2% in December 2020. Following a rebound between December and January, the annual decline in energy prices was less pronounced in January (minus 3.9%) than in December... More>>


Hemp Industries Association: Could The Next Team NZ Boat Be Made Entirely Of Hemp?

With The America’s Cup due to start in a few days’ time, innovators from a very different sphere have been wondering how long it could be before New Zealand could be competing in a boat entirely built from hemp, with the crew eating high-energy, nutritious hemp-infused foods and wearing high-performance hemp kit..? More>>


ACT: Matariki Almost A Half Billion Dollar Tax On Business

“Official advice to the Government says an extra public holiday at Matariki could cost almost $450 million,” ACT Leader David Seymour can reveal. “This is a perfect example of the Prime Minister doing what’s popular versus what’s responsible. ... More>>

Genesis: Assessing 6,000 GWh Of Renewable Generation Options For Development By 2025

Genesis is assessing 6,000 GWh of renewable generation options for development after starting a closed RFP process with 11 partners. Those invited to participate offer a range of technologies as Genesis continues to execute its Future-gen strategy to ... More>>