Story image

Cyber security a "human problem", says Origin IT

13 Jul 2016

It seems people are more to blame than technology when it comes to cyber security, with New Zealand organisations dealing with growing numbers of cyber-attacks let in by their own people, according to Origin IT.

The information security firm says Kiwi businesses are not doing nearly enough to understand this issue and develop ways to protect themselves.

Origin IT says its dealings with hundreds of clients in New Zealand shows around 50% of unidentified emails received by businesses will be opened by employees, with around 30% clicking on a link, which in many cases is enough to let in an attack.

Despite this growing threat, the Institute of Directors (IoD) agrees businesses aren’t doing enough to educate their people, saying 62% of New Zealand’s businesses are not ready for cyber attacks. 

Michael Russell, CEO of Origin IT, says businesses need to think about their people first and technology second to achieve the best information security.

“Our relaxed nature in New Zealand means we’re too trusting and we’ve become a soft target to attacks from anywhere in the world - the way we approach information security needs to change,” he says.

“It is no longer enough to buy the best technology as people have become the weak point, they will make mistakes and let an attack in, whether intended or not,” he explains.

“It also only used to affect large organisations but now every day we hear of SMEs being hit with damaging and costly results,” says Russell.

“So all organisations need to look at this issue from a people point of view.  Information and knowledge is now one of most valuable assets so while the best technology is guarding your front door, your back door is open and your people will let your valuable information out,” he adds.

These assertions are backed by PWC’s 2016 Global State of Information Security survey, which placed current and past employees far ahead of hackers as the likely source of security incidents, with current service providers, consultants and contractors closely behind.

Simon Arcus, chief executive officer of the Institute of Directors, says boards need to lead in this digital age:

“We live in a digital world where technology, cyberspace and the Internet of Things bring opportunity and risk,” Arcus says.

“Technological change and innovation are transforming the way businesses is done with most businesses now relying on technology to operate.

“Cyber was ranked number two in the recent IoD NZIER Director Sentiment Survey clearly showing directors remained concerned,” he adds.

“Directors need to approach cybersecurity as a whole of business issue. The board’s role in technology governance is about leadership in this new era – put cyber security on the agenda before it becomes the agenda,” Arcus says.

“It is also important for directors to ensure its board has the skills and experience to ask management, CIOs, CDO or technology teams the right questions to ensure confidence in the organisation’s resilience.”

The Symantec Internet Software Threat Report 2016 revealed New Zealand having 108 attacks per day last year from ransomware, malicious software that blocks a computer until a sum of money is paid, a 160% increase on 2014.

The Government’s launch of the Computer Emergency Response Team (CERT) in May this year, indicated breaches of cyber security costs the New Zealand economy $257 million in 2015 and affected more than 856,000 New Zealanders.

According to Russell, New Zealand businesses are being targeted by cyber-attacks masquerading as legitimate companies that outwit spam filters and all other technological defences. 

He says these increasingly sophisticated attacks fool employees into opening unidentified emails and click links. 

This can lead to the loss of vital identity and business information, and wide impacts on organisational finances and brand reputation, employees, customers and other stakeholders.

“We want all organisations to be more aware of the issue and how cyber threats operate – if we know this, we can all play a part,” explains Russell.

“As an innovative country there is too much at stake to let our guard down and let attacks in.  This issue will affect everyone in New Zealand and it’s our responsibility to protect ourselves and our livelihoods,” he says.

“Effective information security for any business is like the brakes on a car – having them means you can drive safely and faster without problems – having the best security system is actually an opportunity to excel.”

Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”