Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


Is New Zealand Prepared For The Rise In Cyber-attacks?

By Steve Smith, Auckland Manager of Advantage Limited


Supply chain risk is a hot topic today.

Some of the most significant cybersecurity breaches this year have been supply chain related. SolarWinds, Accellion, Hafnium, and most recently - the Kaseya attack.

Why now? Supply chain risk = third-party risk.

The COVID-19 pandemic forced companies to transition to a remote workforce, where security and IT teams could not do their ‘usual’ due diligence - particularly around onboarding third-parties. As a result, nefarious actors (aka – hackers) took full advantage. In the U.S., the FBI reported a 500% increase in cyber-attacks in the first months of the lockdown in 2020.

New Zealand is ripe for cyber-attacks.

Some of the recently reported cyber breaches are the largest in New Zealand’s history - and almost all of them are related to third-party breaches.

The combination of these events is forcing security and IT teams in New Zealand through a “maturity curve” - particularly around third-party risk and cybersecurity.

The “It won’t happen here; I’ve got bigger business priorities” attitude must change.

A shift in focus.

If you look back two or three years, companies typically had just a few dozen third-parties in their ecosystem. But today, according to the Ponemon Institute, enterprises are averaging thousands, often up to 6000 third-party vendors – that’s a lot of third-party risk to manage.

Assessing whether every third-party is fit for purpose is an enormous amount of work, especially for small IT teams.

That's where CyberGRX comes in.

CyberGRX has the world’s largest cyber risk Exchange with over 100,000 participants. It has automated and standardized the previously heavily time-intensive manual process of assessing third-parties.

We were introduced to CyberGRX through venture capital firm, Telstra Ventures, who has made some significant investments in the cyber security space.

CyberGRX has taken on the mission of reaching every CISO in the New Zealand market. Their goal is to help them reduce their cyber-risk, and part of that is choosing to work with local partners, like Advantage, whose goal is to understand the local market better than anyone:

“We are very deliberate about the partners we choose to work with. They need to bring a level of governance, risk, and compliance skill to the conversation. Telstra Ventures introduced us to Advantage, and they certainly have the reputation and credibility in market to help us achieve our mission to reduce supply chain risk in the market,” said Anthony Panuccio, Director at CyberGRX.

The human factor on security posture.

Everyone on your team can affect your company’s security posture— not just the IT team, especially if they’re informed.

We work with Cofense who provide phishing detection and response solutions, that help organization's stop phishing attacks faster, and importantly - educate on how to detect phishing attempts.

All it takes is one phish to wreak havoc on your network and bottom line.

According to Marcus Bartram, General Partner at Telstra Ventures, another pressure for security teams is mobile.

“For most of us, using your mobile for work and connectivity is instinctual. But is it secure? Or, more realistically - is mobile even part of your company’s cyber defense strategy?

Zimperium, a Telstra Ventures’ portfolio company and arguably the world’s leader in mobile threat detection and security, has created the world’s first machine learning-based security engine for mobile. It allows remote workers to access sensitive data and mission-critical systems safely and securely.

According to the firm, the number of reported cyber-attacks targeting mobile devices has more than doubled every six months for the last three years. And with remote work and bring your own device (BYOD) practices becoming a permanent fixture, the attack surface for an enterprise is on pace to grow exponentially,” said Marcus.

CyberGRX is not alone in its New Zealand focus.

Marcus also observed that the VC firm has seen an uptick in the number of Telstra Ventures’ portfolio companies headquartered out of the U.S., look to the Asia Pacific region to address the growing cybersecurity market.

AttackIQ, another portfolio company that just announced $44 Million in Series C funding, is also expanding their reach in a bid to reduce the pressure on security professionals and help them prepare for cyber-attacks.

AttackIQ helps organizations continuously validate the effectiveness of their security controls at scale. Importantly, CISOs in New Zealand, or anywhere, can verify that their cyber defenses work as expected and validate against the latest threats,” said Marcus.

According to CyberGRX, these three critical actions can reduce your supply chain risk today.

1- Know who’s part of your third-party ecosystem.

You need to know the extent of which third-parties are in your ecosystem. You'd be surprised at how many enterprises wouldn't be able to answer this question today because it hasn’t been a focus.

2 - Understand your exposure through third-parties.

Now you know your third-party ecosystem, if they have experienced a cyber event today, what would be the impact on your business? We’ve seen a lot of attacks recently where a third-party has impacted an organization, but it's the client of that third-party that cops the bad press.

3 - Manage your risk!

Cybersecurity is no longer simply a compliance exercise. The pivot from compliance to risk management is key. If you recognize that your third-parties are posing a risk to you, work with them quickly to close those control gaps, and build your cyber defense to reduce your risk.

About Advantage

Advantage designs and builds scalable and secure solutions for customers that rely on highly connected IT services, helping you eliminate risks to your IT infrastructure and systems to minimise problems and maximise your uptime.

With over 35 years of experience in the New Zealand IT market, Advantage provides enterprise-class solutions across almost all market segments, including government, medical, retail, financial and legal.

For more information on Advantage, visit or


© Scoop Media

Business Headlines | Sci-Tech Headlines


Westpac NZ: Warns About Sophisticated New Scam
Westpac NZ is warning New Zealanders about a sophisticated new scam that involves a fake Westpac investment prospectus.
The prospectus is formatted to resemble a Westpac document and includes professional-looking imagery... More>>

Campaign For NZ Coastal Tankers : Says Fuel Security At Risk

Three unions representing New Zealand shipping crews are mounting a united campaign to protect New Zealand’s fuel security and save New Zealand coastal tankers... More>>

Tourism: Travel Bubble With Cook Islands Resumes

Cook Islands tourism restarts today, ending a five-month border closure due to COVID-19. Graeme West, General Manager Australasia for Cook Islands Tourism Corporation, said today’s first flight of quarantine-free travel from New Zealand to the Cook Islands is very significant... More>>

Insurance Council of New Zealand: September South Island Windstorm Cost $36.5 M Raises 2021 Extreme Weather Claims Total To $321.6 M

Gale force winds and storms between 9 and 13 September 2021 resulted in insurers supporting communities to the tune of $36.5 m. This is a significant rise, of $16.7 m, on preliminary figures for the event and lifts the end of year total for all extreme weather events in 2021 to $321.6 m... More>>

Statistics: Building Consents Hit New Highs In November
There were a record 48,522 new homes consented in the year ended November 2021, Stats NZ said today. This was up 26 percent compared with the year ended November 2020... More>>

Fonterra: Revises Milk Collection Forecast
Fonterra Co-operative Group Limited today revised the forecast for its 2021/22 New Zealand milk collections to 1,500 million kilograms of milk solids (kgMS), down from its opening forecast of 1,525 million kgMS... More>>