It seems people are more to blame than technology when it comes to cyber security, with New Zealand organisations dealing with growing numbers of cyber-attacks let in by their own people, according to Origin IT.
The information security firm says Kiwi businesses are not doing nearly enough to understand this issue and develop ways to protect themselves.
Origin IT says its dealings with hundreds of clients in New Zealand shows around 50% of unidentified emails received by businesses will be opened by employees, with around 30% clicking on a link, which in many cases is enough to let in an attack.
Despite this growing threat, the Institute of Directors (IoD) agrees businesses aren’t doing enough to educate their people, saying 62% of New Zealand’s businesses are not ready for cyber attacks.
Michael Russell, CEO of Origin IT, says businesses need to think about their people first and technology second to achieve the best information security.
“Our relaxed nature in New Zealand means we’re too trusting and we’ve become a soft target to attacks from anywhere in the world - the way we approach information security needs to change,” he says.
“It is no longer enough to buy the best technology as people have become the weak point, they will make mistakes and let an attack in, whether intended or not,” he explains.
“It also only used to affect large organisations but now every day we hear of SMEs being hit with damaging and costly results,” says Russell.
“So all organisations need to look at this issue from a people point of view. Information and knowledge is now one of most valuable assets so while the best technology is guarding your front door, your back door is open and your people will let your valuable information out,” he adds.
These assertions are backed by PWC’s 2016 Global State of Information Security survey, which placed current and past employees far ahead of hackers as the likely source of security incidents, with current service providers, consultants and contractors closely behind.
Simon Arcus, chief executive officer of the Institute of Directors, says boards need to lead in this digital age:
“We live in a digital world where technology, cyberspace and the Internet of Things bring opportunity and risk,” Arcus says.
“Technological change and innovation are transforming the way businesses is done with most businesses now relying on technology to operate.
“Cyber was ranked number two in the recent IoD NZIER Director Sentiment Survey clearly showing directors remained concerned,” he adds.
“Directors need to approach cybersecurity as a whole of business issue. The board’s role in technology governance is about leadership in this new era – put cyber security on the agenda before it becomes the agenda,” Arcus says.
“It is also important for directors to ensure its board has the skills and experience to ask management, CIOs, CDO or technology teams the right questions to ensure confidence in the organisation’s resilience.”
The Symantec Internet Software Threat Report 2016 revealed New Zealand having 108 attacks per day last year from ransomware, malicious software that blocks a computer until a sum of money is paid, a 160% increase on 2014.
The Government’s launch of the Computer Emergency Response Team (CERT) in May this year, indicated breaches of cyber security costs the New Zealand economy $257 million in 2015 and affected more than 856,000 New Zealanders.
According to Russell, New Zealand businesses are being targeted by cyber-attacks masquerading as legitimate companies that outwit spam filters and all other technological defences.
He says these increasingly sophisticated attacks fool employees into opening unidentified emails and click links.
This can lead to the loss of vital identity and business information, and wide impacts on organisational finances and brand reputation, employees, customers and other stakeholders.
“We want all organisations to be more aware of the issue and how cyber threats operate – if we know this, we can all play a part,” explains Russell.
“As an innovative country there is too much at stake to let our guard down and let attacks in. This issue will affect everyone in New Zealand and it’s our responsibility to protect ourselves and our livelihoods,” he says.
“Effective information security for any business is like the brakes on a car – having them means you can drive safely and faster without problems – having the best security system is actually an opportunity to excel.”