SecurityBrief New Zealand logo
New Zealand's leading source of cybersecurity and cyber-attack news
Story image

Dimension Data showcases APAC threat landscape at exclusive Auckland event

By Sara Barker
Fri 23 Jun 2017
FYI, this story is more than a year old

NTT Security's Global Threat Intelligence report has firmly warned organisations that entertaining cybersecurity 'for the sake of doing security things' is a grave mistake; and businesses will get caught if they limit it to being just an IT problem.

The report, which featured findings from 6 billion attempted attacks and trillions of security logs over the past year, found that phishing attacks are prevalent and are responsible for as much as 73% of malware being delivered to organisations.

Yesterday Dimension Data held a small event in Auckland surrounding the release of the report, in which the company highlighted how the report was relevant to New Zealand organisations.

Opened by Dimension Data's security business unit lead Tony Jenkins, the event included commentary from Dimension data Group cyber security strategist Mark Thomas and Neville Burdan, general manager of Dimension Data Asia Pacific.

Thomas took the audience through the NTT Security report. He explained that the top trends include phishing, social engineering and ransomware. Business email compromise fraud, IoT and DDoS attacks are going after businesses and end user applications.

APAC a testing ground for phishing attacks

Thomas says that APAC is a testing ground for phishing attacks because it is heavily invested in security technologies. If malware works here, it will work anywhere.

"Asia is a hotbed for being attacked because it has perimeter security," Burdan adds.

In particular, New Zealand security teams sit inside IT and report to the IT operations manager - a concerning prospect that siloes security as being an IT problem, not a business wide problem. Dimension Data says that security decisions must be business decisions.

DDoS and IoT - major areas of concern

"Analysts have been talking about IoT deployment for some time. We haven't seen massive adoption to date but organisations that have are seeing multiple DDoS attacks. They're not architecting IoT into the network correctly, and not configuring it right," Thomas says.

In Australia, DDoS attacks account for 24% of all attacks. In Asia, they account for 16%. Thomas attributes this to the explosive growth in IoT.

New Zealand organisations face a lack of resources that have driven up the cost of labour, which means organisations can't afford large security teams. IT departments are looking for 'security bling' and automation but they haven't quite mastered the technologies.

Thomas explains that while attacks originate from US IP addresses, it doesn't mean attacks are coming from the US itself.

"Chinese don't like to attack directly, they like to use adjacent countries to direct their attacks," Thomas says.

Security vulnerabilities and patch management

The report found that organisations are ignoring patch management. Thomas says that 47% of vulnerabilities are more than 3 years old and 8% are more than 10 years old.

Conversely, the number of vulnerabilities being disclosed since 2013 has skyrocketed. The mismatch suggests there is a lack of skilled resources to roll out patches fast enough.

"We find New Zealand organisations tend to focus on OS patching but forget end-user applications such as Internet Explorer, Firefox, Java and Adobe. These are the applications hackers target most so we need to start to extend our patching regime to these areas," the company says in a statement.

Response plans and opportunities for businesses to harness MSSP expertise

In New Zealand, the report found that organisations are slowly maturing - but as of 2016, 68% of organisations have no formal response plan. This provides opportunities for managed security service providers (MSSPs) like Dimension data, as clients try to deal with the issues - and not just the technological ones.

"Many clients are reaching out to us because yes they've been compromised, but how do they respond?" Thomas explains.

"We have to start thinking about humans as an asset, and how do we secure that asset? What data are we sharing and how are we sharing that data with other third parties? It's a people, process, technology discussion."

Dimension Data: Future directions for security

Dimension Data, part of the $120 billion engine that it NTT Group, has built its business around four pillars: digital infrastructure, hybrid cloud, workspaces for tomorrow and cybersecurity.

According to Burdan, the company is driving security across all of these pillars.

"We're trying to move the discussion from siloed security into automated platform that can protect against attacks," he says.

"NZ is the number one adopter of Office 365. But how do we manage assets and protect our posture on and off our networks?"

While intelligence sharing will help organisations protect each other from threats, there are still issues such as what defines intelligence, how to get it and how to share it with other organisations.

"We need to extend the conversation from the back room to the boardroom to the living room, talking with family members and children. Everyone is using new types of devices. It's not just a corporate problem, it's a social problem as well," Thomas says.

Protection and detection controls

According to Burdan, Dimension Data focuses its services on assess-comply-manage-respond step process. For that purpose, the company has targeted its solutions across security advisory, compliance and architecting services.

The company has also taken a layered approach to security by mapping in architecture of major tier 1 security partners such as Fortinet, Symantec, Microsoft, Carbon Black, McAfee, Check Point, McAfee and others.

The company also provides managed security service in the areas of email, web gatewalls, firewalls, intrusion and detection and web SaaS.

The company's ultimate goal? To take the statistics from NTT Security and make sure they don't affect APAC businesses.

"We want to leverage the technologies that come from global but make it real here in New Zealand," Burdan concludes.

Related stories
Top stories
Story image
Stock security features inadequate in face of rising risk
"Organisations must proactively find ways of identifying unseen vulnerabilities and should take a diligent, holistic approach to cybersecurity."
Story image
Video: 10 Minute IT Jams - An update from CrowdStrike
Scott Jarkoff joins us today to discuss current trends in the cyber threat landscape, and the reporting work CrowdStrike is doing to prevent further cyber harm.
Story image
Forescout reveals top vulnerabilities impacting OT vendors
Forescout’s Vedere Labs has disclosed OT: ICEFALL, naming 56 vulnerabilities affecting devices from 10 operational technology vendors.
Story image
Digital Transformation
What CISOs think about cyber security, visibility and cloud
Seeking to uncover the minds of CISOs and CIOs across Asia Pacific, my company recently asked Frost & Sullivan to take a snapshot of cloud adoption behaviour in the region.
Story image
IT and security team collaboration crucial to data security
Many IT and security decision makers are not collaborating as effectively as possible to address growing cyber threats.
Story image
Aqua Security, CIS create software supply chain security guide
Aqua Securityand the Center for Internet Security have together released the industry’s first formal guidelines for software supply chain security.
Story image
Online identity theft is rising in NZ - here’s what to do about it
It may start with a few stolen details online, but it could end with thousands of dollars missing or worse, a reputation down the drain.
Story image
Network Security
Netskope announces zero trust network access updates
Customers can now apply zero trust principles across a range of hybrid work security needs, including SaaS, IaaS, private applications, and endpoint devices.
Story image
The link between cybersecurity, extremist threat and misinformation online in Aotearoa
Long story short, it's often the case that misinformation, threat and extremism link closely to cybersecurity issues and cyber harm.
Story image
Tech job moves
Tech job moves - Boomi, Limepay, Thales, VMware & Zoom
We round up all job appointments from June 6-16, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Q1 DDoS and application attack activity reveals surprise result
The cybersecurity threat landscape in the first quarter of 2022 represented a mixed bag of old enemies and new foes. New actors dominated the DDoS threat landscape while application security faced tried-and-true attack vectors.
Story image
Identity and Access Management
Ping Identity launches corporate venture capital fund
Ping Identity has launched a corporate venture capital fund to foster innovative offerings for the identity security market.
Story image
Trend Micro unveils dedicated security for electric vehicles
The cybersecurity company has announced VicOne - dedicated security for the electric vehicles and connected cars of today and tomorrow.
Story image
Why is NZ lagging behind the world in cybersecurity?
A recent report by TUANZ has revealed that we are ranked 56th in the world when it comes to cybersecurity - a look into why we're so behind and what needs to be done.
Story image
Internet of Things
Domino's Pizza: A blueprint for secure enterprise IoT deployment
Increasingly, organisations are embracing smart technologies to underpin innovations that can enhance safety and productivity in every part of our lives, from industrial systems, utilities, and building management to various forms of business enablement.
Story image
Aqua Security launches cloud native security SaaS in APAC
Aqua Security has announced the general availability of cloud native security SaaS in Singapore, serving the broader APAC region.
Story image
SMX partnership with Microsoft leads to NTT recognition
SMX has captured the attention of NTT after receiving positive reviews from businesses across Australasia and beyond for its email security.
Story image
Rapid7 report examines use of double extortion ransomware attacks
New insight into how attackers think when carrying out cyber attacks, along with further analysis of the disclosure layer of double extortion ransomware attacks, has come to light.
Story image
Palo Alto Networks named Google Cloud technology partner of the year for security
Palo Alto Networks was recognised for helping organisations rapidly transform security operations for future success.
Story image
Hundreds arrested, millions seized in global INTERPOL investigation
A two-month-long investigation by INTERPOL this year involved 76 countries and clamped down on organised crime groups behind telecommunications and social engineering scams.
Story image
Greater API usage raises concerns for protection - report
Radware has released its 2022 State of API Security report, which shows a rise in APIs, with 92% of the organisations surveyed significantly or somewhat increasing their usage.
Story image
Ready for anything with the PagerDuty Operations Cloud
In a world of digital everything, teams face increasing complexity. Ever-growing dependencies across systems and processes put customer and employee experience, not to mention revenue, at risk.
Story image
Digital Transformation
Cybersecurity priorities for digital leaders navigating digital transformation
In recent years, Asia-Pacific has especially been a hotspot for cyberattacks, and as we continue into 2022, it’s evident that the problem is becoming more significant.
Story image
Vulnerable APIs costing businesses billions every year
Large companies are particularly vulnerable to the security risks associated with exposed or unprotected APIs as they accelerate digital transformation.  
Story image
New survey uncovers critical OT security challenges
While industrial control environments continue to be a target for cyber criminals, there are widespread gaps in industrial security.
Story image
New research shows global drive for passwordless authentication
A new study has shown there has been a significant shift towards wanting a passwordless future, but adoption is still in its infancy.
Story image
Significant security concerns resulting from open source software ubiquity
"The risk is real, and the industry must work closely together in order to move away from poor open source or software supply chain security practices."
Story image
Tech job moves
Tech job moves - ActiveCampaign, Arcserve, LogRhythm & Qlik
We round up all job appointments from June 17-22, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Schneider Electric and Claroty launch building security solution
Schneider Electric has announced the launch of Cybersecurity Solutions for Buildings, a solution designed to help buildings customers secure BMS.
Story image
Unknown connections: How safe is public WiFi in Aotearoa?
If it's not your own household WiFi, then who has control of your data and is your connection actually safe?
Story image
Gartner's top recommendations for security leaders
"Leaders now recognise that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, philosophy, program and architecture.”
Story image
Secure access service edge / SASE
Cloudflare adds new capabilities to zero trust SASE platform
New features for Cloudflare One include email security protection, data loss prevention tools, cloud access security broker, and private network discovery.
Story image
Artificial Intelligence
Abnormal Security finds financial supply chain under threat
New research by Abnormal Security has found a rising trend in financial supply chain compromise as threat actors increasingly impersonate vendors.
Story image
Overcoming hybrid and multi-cloud challenges to drive innovation
Driven by improvements in technology, financial services companies have advanced both internal and external systems and processes, with the likes of digitisation, personalisation and risk management redefining the industry.
Story image
Amazon Web Services / AWS
Zscaler, AWS accelerate onramp to the cloud with zero trust
Zscaler has announced an extension to its relationship with Amazon Web Services, as well as innovations built on Zscaler's Zero Trust architecture.
Story image
Securonix partners with Snowflake, Zscaler in joint venture
Securonix is embarking on a joint technology integration with Snowflake and Zscaler to speed up threat detection and response at cloud scale.
Story image
QuSecure partners with DataBridge Sites to showcase platform
QuSecure has partnered with DataBridge Sites to showcase its Quantum-as-a-Service (QaaS) orchestration platform, QuProtect.
Story image
Varonis strengthens security capabilities for AWS and S3
Varonis has strengthened and expanded its cloud and security capabilities, with a critical aim of improving safety and boosting data visibility in Amazon Simple Storage Service (S3).
Story image
Threat actors ramp up their social engineering attacks
As people get better at identifying potential threats in their inbox, threat actors must evolve their methods. Their new M.O? Social engineering.
Story image
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
Data Protection
Thales solution supports DevSecOps teams with data protection
Thales' CipherTrust Platform Community Edition enables DevSecOps teams to deploy data protection controls into multi-cloud applications faster.
Story image
Dark web
Cybercrime in Aotearoa: How does New Zealand law define it?
‘Cybercrime’ is a term we hear all the time, but what exactly is it, and how does New Zealand define it in legal terms?
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - An update from Rimini Street
Today we welcome back Daniel Benad, who is the GVP & regional GM for Oceania at Rimini Street.
Story image
Trend Micro
5G network projects driven by improving security and privacy
Trend Micro's new study reveals the prospect of improved security and privacy capabilities are the main motivations behind private 5G wireless network projects.