January 16, 2021

We are creating some awesome events for you. Kindly bear with us.

We are creating some awesome events for you. Kindly bear with us.

Vigilance urged as Cert NZ report records highest cybersecurity incidents

According to Cert NZ’s most recent quarterly report, cybersecurity incidents have reached a record high. For the quarter July 1 to September 30, the cybersecurity agency logged over 2,600 incident reports from individuals and businesses. This is the highest number to date and reflects a 33%  increase over the previous quarter.

Cert NZ’s Director Rob Pope was of the opinion that the figures were not unexpected, in the light of the recent flurry of distributed denial of service (DDoS) attacks, ransomware and online scams. DDoS attacks are primarily volumetric in nature; in essence, they aim to overload websites by directing traffic to them to overwhelm their capacity.

OpenGov Asia had reported in late October that New Zeland had seen a surge of increasingly sophisticated malware attacks that are affecting everyday New Zealanders as well as large organisations. The malware campaign was being spread through attachments or links in emails was affecting New Zealanders. The attacks at the time had been predicted to cause widespread disruption and loss of revenue and data.

Not surprising then, the most common incidents that were reported were cyberattacks dispersed by email. Emotet, the virus reported above, was responsible for almost a third (34%) of the malware incident increase on the previous quarter.

Earlier in September, a wave of cyberattacks exposed worrying vulnerabilities in some of New Zealand’s key institutions. Most notably, for six days, the nation’s stock exchange – where tens of millions of dollars in shares are traded each working day – was laid low by the attacks.

Based on the reporting, the estimated financial loss was at $6.4m which is almost double the average quarterly loss of was $3.6m that is based on the last 14 quarters. The finance and insurance sector accounted for 60% of reports about incidents affecting organisations.

Of all the Incidents that were reported that had a financial loss component, thirteen were over $100,000. There were five incidents that involved the unauthorised transfer of money as a result of businesses having their email accounts compromised. Two related to “a new job or business opportunity” and the remaining related to scams including cryptocurrency, investment, fake lottery or prizes, and romance scams.

Pope said that these incidents ought to serve as a wakeup call for Kiwis to tighten up their online security. He encouraged New Zealanders to update their operating systems and software, ensure they use long, strong and unique passwords, and install antivirus software.

In the light of the upcoming season, cybersecurity experts have warned people to be especially vigilant and look out for holiday season scams. The Domain Name Commission along with InternetNZ has designed a fake webshop to practically demonstrate how citizens can spot signs of dubious e-commerce. A quick web search along with the terms “scam” or “review” will often go a long way towards alleviating or reaffirming concerns.

Graeme Muller, CEO NZTech, said in a recent publication that the nation has seen increasing cybersecurity threats for people and businesses as ‘bad actors’ attempt to take advantage of the pandemic. Operating within an increasingly digital environment, Kiwis are constantly under threat of cyber attack.  Security should be top of mind for businesses, organisations and government.  Including security as a pillar of a digital strategy is the best way to ensure peak performance while protecting people.

The country’s new Privacy Act comes into effect on December 1, 2020. Changes include the introduction of a privacy breach notification regime. This means if an organisation experiences a data breach where private information is lost or stolen and believes the breach could result in serious harm, it’s required to notify the Office of the Privacy Commissioner and affected individuals as soon as possible.

On a related note, the annual Cyber Security Summit has been delayed this year but is scheduled to return in February next year. The gathering explores new trends and the importance of cyber literacy across all levels of business.