Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


Change urgently needed in defence against cybercrime

Cultural change urgently needed in defence against cybercrime attacks

Spending millions of dollars and IT specialists working around the clock to defend against the wave of cyber-attacks currently engulfing New Zealand will only be a losing battle until organisations invest in changing staff culture.

Author of the book 'She'll Be Right (Not!) – a cybersecurity guide for Kiwi business owners – SMB cybersecurity expert Daniel Watson, said that the recent spate of cyber-attacks on New Zealand organisations emphasises the urgency of addressing cultural change.

"Staff are the last line of defence. They click on what they click on, and as a result, they can quickly fall prey to tactics like password harvesting – for example, fake Dropbox accounts designed to collect your login details.

"People also tend to use the same or similar passwords. This allows hackers who have 'harvested' just one password to breach the defences of an organisation."

Watson said that it isn't unusual for staff members who have inadvertently clicked on a malicious link to say nothing for fear of getting into trouble.

"That's a cultural issue. Staff afraid of getting into trouble put the business at risk because they don't report mistakes, and it can take days or weeks before the breach is discovered – this is a cultural issue. You want to encourage staff to step up rather than be afraid of admitting mistakes."

Watson said sextortion, phishing and credential harvesting are scams that staff typically get tripped up by, and one of the biggest obstacles to reporting an issue is shame or embarrassment.

"Once somebody has login details, they can re-direct invoices and change supply arrangements. It just takes one small slip up that somebody is too afraid to admit to, and the cybercriminals are in."

There are three important aspects to changing the culture of a business to one that is cyber vigilant:

1. Top-down change

Watson said culture change starts at the top. Senior management needs to lead by example and make clear that cybersecurity is an organisation-wide issue – not just something for IT to worry about.

"Implement a set of security policies from the top down. For example, any financial transactions or marketing invoices must be approved by management or change of account details to require two-factor authentication."

2. Make cybersecurity an operational issue

Watson said embedding cybersecurity into a company's operations is crucial and should include awareness training and how to recognise a scam.

"Put in place an incident response plan – much like a health and safety plan, where if you see a hazard, you report it. If management responds negatively by ignoring the report, browbeating or ridiculing staff, they will likely hide things under the carpet and hope the boss won't notice."

3. Rapid response

"Create a culture of rapid response. The sooner staff notify IT, the quicker the experts can get in there and mitigate the damage," Watson said.

For more information visit:

© Scoop Media

Business Headlines | Sci-Tech Headlines


Stats: Auckland’s Population Falls For The First Time
In the wake of the COVID-19 pandemic, New Zealand’s population growth slowed down with Auckland recording a population decline for the first time ever, Stats NZ said today. “New Zealand saw slowing population growth in all regions... More>>

BusinessNZ: Third Snapshot Report Reveals $9.5 Billion Business Investment In Climate Action

Signatories to the Climate Leaders Coalition have committed to invest $9.5 billion over the next five years to reduce emissions from their businesses, as revealed in their third anniversary snapshot report released today... More>>

Digitl: The home printer market is broken
Printers are more of a security blanket that a serious aid to productivity. Yet for many people they are not optional.
Even if you don’t feel the urge to squirt ink onto dead trees in order to express yourself, others will insist on printed documents... More>>

Retail NZ: Some Good News In COVID Announcements, But Firm Dates Needed

Retail NZ is welcoming news that the Government is increasing financial support for businesses in light of the ongoing COVID-19 lockdown, and that retail will be able to open at all stages of the new “Covid Protection Framework... More>>

ComCom: Companies In Hot Water For Selling Unsafe Hot Water Bottles And Toys

A wholesaler and a retailer have been fined a total of $140,000 under the Fair Trading Act for selling hot water bottles and toys that did not comply with mandatory safety requirements. Paramount Merchandise Company Limited (Paramount) was fined $104,000 after pleading guilty in the Manukau District Court... More>>

Reserve Bank: Robust Balance Sheets Yield Faster Economic Recovery

Stronger balance sheets for households, businesses, financial institutions and the government going into the pandemic contributed towards maintaining a sound financial system and yielding a faster economic recovery than following previous deep recessions... More>>