6% more state-sponsored attacks this year, says NCSC report
The GCSB's NCSC has released its latest annual Cyber Threat Report, which shows the impact of global geostrategic competition and newly-implemented cyber defence capabilities.
Lisa Fong, National Cyber Security Centre (NCSC) Deputy Director-General, says the 12 months to 30 June 2022 saw it achieve a significant milestone with the launch of its Malware Free Networks (MFN) capability, and increase its focus on addressing strategic cyber security risk.
"By the end of June, MFN had disrupted more than 122,000 events which could have harmed New Zealand organisations," Fong says.
"That number has now increased to more than 200,000 as more partners have been able to deploy MFN to their customers."
MFN received recognition as the "best security product or service" at the cybersecurity industry's annual iSANZ Awards.
"We are really proud of what we have been able to achieve in using MFN to scale our cyber defence impact," Fong says.
"We recognised the key to that was working in partnership with the private sector, providing them with high-quality cyber threat information which they can readily use to help protect their customers, in tandem with other commercial products.
"Through our MFN partners, we are able to take cyber threat information from a range of sources, including the operation of our own capabilities, and from our international partners, and use it to help defend New Zealand organisations.
"When we launched MFN in November last year, we knew this would be a real step change for New Zealand's cyber security posture, and our ability to have impact at scale and speed would grow enormously."
This year's report shows the NCSC recorded 350 incidents affecting nationally significant organisations in the year to 30 June 2022, compared to 404 last year.
Fong notes that this number accounts only for those cybersecurity events which are significant or complex enough to pose a threat at a national level.
"We know that Russian and other Eastern European actors feature significantly in the global cyber threat landscape," Fong notes.
"It is likely that the Russian invasion of Ukraine has meant both state and criminal actors from the region, and other significant global threat actors, are more focused elsewhere than on activities that have previously impacted New Zealand.
"In the lead-up to the Russian invasion of Ukraine, the NCSC stood up a dedicated effort to support the resilience of New Zealand organisations.
"This included working with international partners to understand the types of cyber threats which might occur as a result of the conflict, and providing alerts to our customers."
Fong also acknowledges state-sponsored attacks, which continue to comprise a large number of recorded incidents.
This proportion increased slightly in the previous 12 months, sitting at 118, or 34%, as of the latest report, compared to 28% last year.
Further, 81 incidents could be linked to likely criminal or financially motivated actors. This accounts for 23% of the total, compared to 27% last year.
Fong adds that the NCSC's cyber defence capabilities continue to help minimise harm to New Zealand organisations from malicious cyber activity.
"We calculate that our cyber defences helped reduce more than $33 million worth of harm in the financial year, bringing the total harm reduced since 2016 to $317 million," Fong says.
Fong says this calculation does not consider the impact of the NCSC's MFN capability.