Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


Is New Zealand Prepared For The Rise In Cyber-attacks?

By Steve Smith, Auckland Manager of Advantage Limited


Supply chain risk is a hot topic today.

Some of the most significant cybersecurity breaches this year have been supply chain related. SolarWinds, Accellion, Hafnium, and most recently - the Kaseya attack.

Why now? Supply chain risk = third-party risk.

The COVID-19 pandemic forced companies to transition to a remote workforce, where security and IT teams could not do their ‘usual’ due diligence - particularly around onboarding third-parties. As a result, nefarious actors (aka – hackers) took full advantage. In the U.S., the FBI reported a 500% increase in cyber-attacks in the first months of the lockdown in 2020.

New Zealand is ripe for cyber-attacks.

Some of the recently reported cyber breaches are the largest in New Zealand’s history - and almost all of them are related to third-party breaches.

The combination of these events is forcing security and IT teams in New Zealand through a “maturity curve” - particularly around third-party risk and cybersecurity.

The “It won’t happen here; I’ve got bigger business priorities” attitude must change.

A shift in focus.

If you look back two or three years, companies typically had just a few dozen third-parties in their ecosystem. But today, according to the Ponemon Institute, enterprises are averaging thousands, often up to 6000 third-party vendors – that’s a lot of third-party risk to manage.

Assessing whether every third-party is fit for purpose is an enormous amount of work, especially for small IT teams.

That's where CyberGRX comes in.

CyberGRX has the world’s largest cyber risk Exchange with over 100,000 participants. It has automated and standardized the previously heavily time-intensive manual process of assessing third-parties.

We were introduced to CyberGRX through venture capital firm, Telstra Ventures, who has made some significant investments in the cyber security space.

CyberGRX has taken on the mission of reaching every CISO in the New Zealand market. Their goal is to help them reduce their cyber-risk, and part of that is choosing to work with local partners, like Advantage, whose goal is to understand the local market better than anyone:

“We are very deliberate about the partners we choose to work with. They need to bring a level of governance, risk, and compliance skill to the conversation. Telstra Ventures introduced us to Advantage, and they certainly have the reputation and credibility in market to help us achieve our mission to reduce supply chain risk in the market,” said Anthony Panuccio, Director at CyberGRX.

The human factor on security posture.

Everyone on your team can affect your company’s security posture— not just the IT team, especially if they’re informed.

We work with Cofense who provide phishing detection and response solutions, that help organization's stop phishing attacks faster, and importantly - educate on how to detect phishing attempts.

All it takes is one phish to wreak havoc on your network and bottom line.

According to Marcus Bartram, General Partner at Telstra Ventures, another pressure for security teams is mobile.

“For most of us, using your mobile for work and connectivity is instinctual. But is it secure? Or, more realistically - is mobile even part of your company’s cyber defense strategy?

Zimperium, a Telstra Ventures’ portfolio company and arguably the world’s leader in mobile threat detection and security, has created the world’s first machine learning-based security engine for mobile. It allows remote workers to access sensitive data and mission-critical systems safely and securely.

According to the firm, the number of reported cyber-attacks targeting mobile devices has more than doubled every six months for the last three years. And with remote work and bring your own device (BYOD) practices becoming a permanent fixture, the attack surface for an enterprise is on pace to grow exponentially,” said Marcus.

CyberGRX is not alone in its New Zealand focus.

Marcus also observed that the VC firm has seen an uptick in the number of Telstra Ventures’ portfolio companies headquartered out of the U.S., look to the Asia Pacific region to address the growing cybersecurity market.

AttackIQ, another portfolio company that just announced $44 Million in Series C funding, is also expanding their reach in a bid to reduce the pressure on security professionals and help them prepare for cyber-attacks.

AttackIQ helps organizations continuously validate the effectiveness of their security controls at scale. Importantly, CISOs in New Zealand, or anywhere, can verify that their cyber defenses work as expected and validate against the latest threats,” said Marcus.

According to CyberGRX, these three critical actions can reduce your supply chain risk today.

1- Know who’s part of your third-party ecosystem.

You need to know the extent of which third-parties are in your ecosystem. You'd be surprised at how many enterprises wouldn't be able to answer this question today because it hasn’t been a focus.

2 - Understand your exposure through third-parties.

Now you know your third-party ecosystem, if they have experienced a cyber event today, what would be the impact on your business? We’ve seen a lot of attacks recently where a third-party has impacted an organization, but it's the client of that third-party that cops the bad press.

3 - Manage your risk!

Cybersecurity is no longer simply a compliance exercise. The pivot from compliance to risk management is key. If you recognize that your third-parties are posing a risk to you, work with them quickly to close those control gaps, and build your cyber defense to reduce your risk.

About Advantage

Advantage designs and builds scalable and secure solutions for customers that rely on highly connected IT services, helping you eliminate risks to your IT infrastructure and systems to minimise problems and maximise your uptime.

With over 35 years of experience in the New Zealand IT market, Advantage provides enterprise-class solutions across almost all market segments, including government, medical, retail, financial and legal.

For more information on Advantage, visit or


© Scoop Media

Business Headlines | Sci-Tech Headlines


NIWA: Tonga Eruption Discoveries Defy Expectations
New findings from the record-breaking Tongan volcanic eruption are “surprising and unexpected”, say scientists from New Zealand’s National Institute for Water and Atmospheric Research (NIWA)... More>>

Commerce Commission: Appeals Record $2.25m Fine In Vodafone FibreX Case

The Commerce Commission has filed an appeal in the High Court against a record $2.25 million fine imposed on Vodafone NZ Limited (Vodafone) for its offending under the Fair Trading Act during its FibreX advertising campaign. While the sentence imposed in the Auckland District Court on April 14 was the largest-ever fine under the Fair Trading Act, the Commission will argue that it is manifestly inadequate... More>>

All District Health Boards: Historic Pay Equity Settlement

An historic agreement has been ratified that addresses a long-standing undervaluation of a workforce that is critical to the smooth running of our hospitals and the delivery of healthcare... More>>

Finder: RBNZ Survey: 64% Of Experts Say Rising Inflation Will Push More Kiwis Into Debt

Soaring inflation and cost of living pressures will see many households pushed to the financial limit, according to experts... More>>

Barfoot & Thompson: Rents Up By Around 3% In Most Areas

The average weekly rent paid for homes in most areas of Auckland has risen by around 3 percent year-on-year. The figures for end March from more than 16,000 properties... More>>

DoC: Smeagol The ‘Gravel Maggot’ Leaves Its Rare Mark On The Remote West Coast
An extremely rare species of sea slug or ‘gravel maggot’ has been detected for the first time on a remote beach in South Westland... More>>