Building Resilience: New Zealand’s Embrace of Cybersecurity

New Zealand’s business landscape is undergoing a significant transformation, with a growing emphasis on cybersecurity as a critical element of operational resilience. A recent study by a technology services firm highlighted the proactive approach of several large businesses with over 100 employees in addressing cybersecurity challenges.

The CSAC report underscores the need for improved oversight and treating cyber risk as a fundamental business risk. It also advocates for incorporating a Te Ao Māori-led perspective into national standards for cyber protection. The report suggests that incentivising the adoption of guidelines for minimum business expectations is more effective than imposing mandatory risk management standards.

Despite facing cyberattack disruptions, these businesses have shown resilience and a willingness to adapt to the evolving threat landscape. The study found that 70% of business leaders surveyed were open to exploring various solutions, including ransom payments, to restore their systems and ensure business continuity.

Alastair Miller, a spokesman for the technology services firm, highlighted a positive trend where hackers are targeting operational downtime over data theft or encryption. This shift forces organisations to address cybersecurity issues directly, leading to a more proactive approach to protecting their digital assets.

The study also emphasised the importance of implementing robust cybersecurity measures, such as tracking assets and critical data, removing unnecessary data, and having a comprehensive response and recovery plan. These measures are essential for mitigating the risks posed by cyber threats and ensuring business resilience.

Cloud misconfigurations or software vulnerabilities were identified as key factors in cyber incidents, highlighting the need to update cybersecurity practices continuously. By prioritising cybersecurity at the board level, businesses can enhance their overall resilience and adaptability in the face of cyber threats.

Conan Bradley, incident response lead at the technology services firm, stressed the importance of carefully evaluating options when dealing with cybercriminals. While paying a ransom may seem like a quick fix, it can contribute to the sustainability of organised crime. Businesses are encouraged to explore alternative solutions and strengthen their cybersecurity posture to prevent future attacks.

The study serves as a positive reminder for New Zealand businesses to embrace cybersecurity as a fundamental pillar of their operations. By adopting a proactive approach and fostering a security culture, businesses can confidently navigate the digital landscape and ensure a secure future for their operations.

In a broader context of cybersecurity and some strategist that New Zealand has done to make a better cyber environment, New Zealand’s collaborative effort with the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and 15 other global cybersecurity agencies has produced the document “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software.” This document, an evolution of an earlier release, emphasises secure software development in response to evolving threats. It offers principles covering threat modelling, security architecture, coding practices, testing, and developer education. Businesses can utilise and implement this document as a comprehensive guide to enhancing their software development processes and bolstering their cybersecurity posture.

Further, in the business landscape, the Financial Markets Authority (FMA) in New Zealand has published a consultation document outlining its proposal to implement a novel standard condition for specific holders of financial market licenses. This proposed license condition will primarily ensure business continuity and robust technology systems within the licensed entities. Businesses could leverage this proposed license condition as an opportunity to enhance their cybersecurity measures and ensure compliance with regulatory standards.

New Zealand’s proactive approach to cybersecurity, as evidenced by these initiatives, is a positive example for other countries. It underscores the importance of international cooperation in addressing global cybersecurity challenges and sets a standard for best practices in cybersecurity governance and resilience.

In the future, it is envisioned that New Zealand’s commitment to cybersecurity will continue to evolve and strengthen. By prioritising cybersecurity as a core component of operational resilience, New Zealand is paving the way for a more secure digital future.