Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

New Zealand’s Critical Infrastructure Vulnerable To Cyber Attacks

Another wave of cyber attacks has hit our banks, MetService and even the postal service – but critical services such as energy and water supply could be next, warns Vectra APJ Director of Security Engineering, Chris Fisher.

Cyber-attacks in New Zealand have increasingly grown in sophistication and prevalence, in part due to increased digitalisation but also wider geopolitical changes and disruptions caused by the ongoing Covid-19 pandemic.

According to Deloitte, critical infrastructure operators in Asia Pacific are increasingly being targeted by cyber espionage and sophisticated attacks with the potential for severe disruption to essential services such as energy and water supply.

Rapid digital transformation and convergence of disruptive technologies has led to a much wider attack surface, testing the resilience of the region’s infrastructure.

The recent Tokyo Olympics 2020 for instance was beset by a data breach that compromised personal credentials such as usernames and passwords to access affiliated websites aimed at volunteers and ticket holders.

New findings in a recent Vectra PaaS & IaaS Security Survey Report have underlined how the cloud has changed everything we know about security; 100% of the companies surveyed have experienced a security incident but continue to expand their cloud service footprint, deploying new AWS services weekly.

The expansion of cloud services has naturally led to increased complexity and risk and the report uncovered some startling blind spots. These include 30% of organisations surveyed have no formal sign-off before pushing to production and 40% of respondents say they do not have a DevSecOps workflow – that is the automated integration of security.

Ransomware attacks on critical infrastructure spike in last 3-6 months

But it’s not just enterprise security that needs further scrutiny. When the Waikato District Health Board (WDHB) experienced a cyber attack earlier this year, hospitals and services were severely disrupted.

Described as the country’s largest cyber-attack to date, the attack crippled the WDHB’s 680 computer services, and led to critically ill patients needing to be transferred to other hospitals for care, surgeries delayed and patient data to be shared on the dark web.

New Zealand’s Computer Emergency Response Team (CERT) found that cyber incidents caused a financial loss of $16.9 million in 2020, with 7809 incident reports in total. This number continues to increase year after year.

Recognising the risks and finding a solution

The speed and agility that comes with the rapid deployment of cloud within organisations has enabled faster delivery of applications and numerous other benefits. However, these advantages need to be balanced against security risks that arise from cloud deployments, which can often be complex.

Vectra’s PaaS & IaaS Security Survey Report reveals that risk exponentially increases as more people are granted access to a cloud environment. Although companies surveyed are investing heavily in security operations, the challenges of securing the cloud are expected to continue for the foreseeable future due to sheer size, scale, and continuous change.

While the vectors of all these incidents have remained the same, the speed at which the attackers can now pivot through an organisation’s network and the coverage they are able to achieve as a result has greatly increased.

This highlights that current prevention tools are no longer enough to mitigate risk. What we are seeing now is that increasing cyber security threats when combined with a rapidly evolving cloud environment is creating a perfect storm that is highlighting significant skills gaps.

Constantly evolving critical national infrastructure threats means a round-the-clock effort and highly specialised skills to bolster enterprise cybersecurity.

Typically, most organisations have lean IT teams and lack the cybersecurity expertise required to pre-empt and mitigate sophisticated threats, placing enormous strain on what is potentially an already limited resource.

Securing the cloud with confidence is nearly impossible due to its ever-changing nature. To address this, companies need to limit the number of attack vectors malicious actors are able to take.

This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible.

Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness.

Securing critical national infrastructure with effective incident response

Critical national infrastructure (CNI) organisations must be ready and able to defend against a wide range of threats that attempt to steal from, disrupt, damage, or deny their operations.

When it comes to assets and infrastructure that are essential for the functioning of a society or economy, it’s no longer enough to just invest in the tools but it matters to build knowledge and establish stringent governance frameworks.

Attackers are increasingly targeting Operational Technology and Industrial Control Systems in ransomware attacks.

That’s where vendors with true cybersecurity expertise drive value, helping organisations not only to draw upon expertise and intelligent, AI-driven detection tools but to also gain deep visibility into security and compliance gaps.

Slowing down the attackers is only part of the challenge. CNI organisations should have the right capabilities that would also speed up defences across all network stacks (be that IaaS, SaaS, PaaS, or Datacentre).

The only way to achieve this is via prioritisation of incidents leveraging AI and automation. This will bolster the limited capacity of the security operations centre giving it the best chance to drive down metrics such as mean time to remediation, therefore reducing the impacts of attackers and reducing the risk of a widespread breach.

To better improve CNI cyber defences, there are the top three best practice tips:

  1. Reduce the risk of cloud services being exploited using an AI-driven threat detection and response solution.
  2. Monitor access of the deployment and the configuration of it.
  3. Review and remove admin-level roles that are no longer used and/or needed.

We can expect to see threats to CNI over the next few years across a number of scenarios – for instance, healthcare systems remain vulnerable particularly as the global fight against COVID-19 continues and continued demand for remote working will increase attack surfaces.

Each CNI site or situation is unique and visibility and agility are the building blocks of effective incident response. CNI security teams must adopt an assumed-compromised mindset and focus on early automated detections with context to make fast and informed decisions.

Chris Fisher is the Head of Security Engineering for Vectra.ai in the Asia Pacific and Japan Markets. As a leader for the APJ business Chris’s key responsibility is to ensure that Vectra customers have the security foundation to embrace new technology and lines of business, allowing them to digitally transform whilst reducing business risk and improving their security posture.

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 



BusinessNZ: Third Snapshot Report Reveals $9.5 Billion Business Investment In Climate Action

Signatories to the Climate Leaders Coalition have committed to invest $9.5 billion over the next five years to reduce emissions from their businesses, as revealed in their third anniversary snapshot report released today... More>>

Digitl: The home printer market is broken
Printers are more of a security blanket that a serious aid to productivity. Yet for many people they are not optional.
Even if you don’t feel the urge to squirt ink onto dead trees in order to express yourself, others will insist on printed documents... More>>


Serious Fraud Office: Commences Enquiries Into Allegations Of COVID-19 Wage Subsidy Fraud
The Serious Fraud Office has commenced a number of enquiries into alleged abuse of the Government’s COVID-19 Wage Subsidy. Director Julie Read said the allegations relate to multiple complex cases of potential fraud that have been referred to the agency following extensive investigations ... More>>

ComCom: Companies In Hot Water For Selling Unsafe Hot Water Bottles And Toys

A wholesaler and a retailer have been fined a total of $140,000 under the Fair Trading Act for selling hot water bottles and toys that did not comply with mandatory safety requirements. Paramount Merchandise Company Limited (Paramount) was fined $104,000 after pleading guilty in the Manukau District Court... More>>



Reserve Bank: Robust Balance Sheets Yield Faster Economic Recovery

Stronger balance sheets for households, businesses, financial institutions and the government going into the pandemic contributed towards maintaining a sound financial system and yielding a faster economic recovery than following previous deep recessions... More>>


Transpower: Releases Independent Report Into Events Of August 9
Transpower’s Chief Executive Alison Andrew has today released an independent report into the grid emergency of August 9 when insufficient generation was available to meet demand, leading to some customers being disconnected... More>>