Cyber security & risk management - what your enterprise needs to consider
The New Zealand National Cyber Security Centre provides enhanced services to government agencies and critical infrastructure providers to assist them to defend against cyber-borne threats.
"As the use of the internet in New Zealand increases, so too does our vulnerability to cyber threats," the NCSC says on its website. The organisation says countering these threats is a shared responsibility, and the government will work in partnership with industry, non-government entities and academia to improve New Zealand's cyber security.
"The role of the NCSC is to protect government systems and information, to pan for and respond to cyber incidents, and tow ork with proviers of critical national infrastructure to improve the protection and computer security of such infrastructure against cyber-borne threats.
In a report, Cyber Security - Risk Management – Issues for consideration at Board Level, the NCSC outlines the benefits of adopting a risk-managed approach to cyber security.
"Information and communication networks are a fundamental part of our infrastructure and have led to greater accessibility, mobility, convenience, efficiency and productivity," the report says. "Being connected has become the new normal across so many aspects of our lives, driving significant change across the worlds of business and our private pursuits.
"However, such connectivity can bring about both benefits and harms, social and economic alike.
The NCSC says information systems and internet-connected devices are highly susceptible to malicious cyber activity, and our dependence on such systems increases our exposure to threats.
"In New Zealand and globally, a wide range of institutions, both public and private, have been subject to malicious cyber activities. There are external parties (threats) who seek to derive value from our organisations' information.
The report says the traditional approach to cyber security has been to build bigger walls (firewalls, anti-virus software and other perimeter security devices). "While still necessary, these alone are no longer sufficient. A holistic approach to cyber risk management – across the organisation, its networks, supply chains and the larger ecosystem – is required.
The benefits of adopting a risk managed approach to cyber security, include:
• STRATEGIC Corporate decision-making is improved through the high visibility of potential risk exposure, both for individual activities and major projects, across the whole of the organisation.
• FINANCIAL Providing financial benefit to the organisation through the reduction of losses and improved "value for money" potential, noting that cyber-security incidents are a cost.
• OPERATIONAL Organisations are prepared for most eventualities; having adequate contingency plans provides corporate reassurance and helps ensure business continuity.