Navigating New Zealand’s Cybersecurity Frontier

In the ever-evolving landscape of technology, the year 2022/2023 marked a significant juncture for cybersecurity in New Zealand. The National Cyber Security Centre (NCSC) revealed a sharp increase in financially motivated cyber activities, surpassing state-sponsored incidents for the first time. This shift in dynamics signals a crucial turning point in the realm of cybersecurity, one that demands heightened vigilance and adaptive measures from organisations across the country.

With an eye on defending against an increasingly sophisticated threat landscape, organisations in New Zealand find themselves facing a relentless onslaught from cybercriminals. These malicious actors, driven by financial gain, are employing tactics aimed at extorting payments from businesses. However, there’s a silver lining amid this adversity. Organisations, increasingly cognisant of these tactics, are bolstering their resilience to withstand such coercive manoeuvres.

Yet, this resilience is constantly put to the test as cyber adversaries innovate, adopting novel techniques and technologies that challenge conventional detection methods. The advent of cutting-edge technologies like generative artificial intelligence (AI) further amplifies the need for organisations to exercise stringent governance, ensuring the adoption of these advancements while mitigating associated privacy and security risks.

Amidst this turbulent landscape, the NCSC stands as a bastion of defence, dynamically adapting to confront the ever-shifting cybersecurity scenario. This year, the NCSC’s interventions and expertise have been instrumental in preventing an estimated NZ$65.4 million in potential harm to vital national entities.

Notably, over the past four fiscal years, the NCSC’s capabilities have been pivotal in detecting approximately one-third of all recorded incidents. In 2022/2023, the NCSC took proactive measures, successfully disrupting over 250,000 malicious cyber events through the implementation of Malware Free Networks®.

In the span of the reported period, 316 cyber incidents targeted nationally significant organisations, a slight decrease from the 350 incidents documented in the preceding year, 2021/2022. Notably, 73 of these incidents, equating to 23%, demonstrated potential connections to suspected state-sponsored actors – a decline from the previous year’s figure of 34%. Conversely, 90 incidents, accounting for 28%, displayed indicators of criminal or financially motivated activity, marking a rise from the 23% recorded in the prior reporting period of 2021/2022.

In a significant move towards fortifying the nation’s cybersecurity infrastructure, the NCSC, in conjunction with New Zealand’s Computer Emergency Response Team (CERT NZ), has become the forefront operational cybersecurity agency for Aotearoa New Zealand. This integration promises a unified approach, pooling resources, and expertise, and fostering both domestic and international alliances for a more robust defence against cyber threats.

The integration not only streamlines operations but also ensures a consistent stream of guidance and support for New Zealanders facing cybersecurity challenges. By providing a centralised hub for advice and assistance during cyber incidents, this merger aims to facilitate a more cohesive response to threats faced by the nation.

The NCSC’s latest report has positive insights, offering actionable strategies to combat the recurring tactics employed by cyber adversaries. Encouraging organisations to leverage these insights, the report emphasises the need for continuous review and enhancement of cybersecurity controls and governance. Furthermore, it extends a supportive hand, urging organisations to seek additional assistance when needed.

As New Zealand navigates the complexities of an increasingly digitised world, the NCSC’s report serves as a pivotal guidepost, advocating a collective effort towards fortifying the nation’s cyber resilience. In this concerted endeavour, organisations are not merely defending digital infrastructures but safeguarding the collective prosperity and security of the nation.

OpenGov Asia reported that the New Zealand Police issued a warning regarding a targeted email campaign that has notably affected various organisations, with a particular emphasis on schools. This digital threat has instigated increased vigilance among authorities and spurred collaborative efforts aimed at mitigating potential risks posed to the targeted entities.