SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Exclusive: The unstoppable monster that is cyber crime
Wed, 17th Aug 2016
FYI, this story is more than a year old

Cyber crime can sometimes feel like an unstoppable monster, ever evolving with multiple faces and an army of bad guys behind it.

According to security software firm Symantec, cyber criminals are now more than ever targeting businesses, governments, schools, healthcare facilities as well as consumers by exploiting security vulnerabilities in computers and networks.

And New Zealand isn't immune. New Zealand alone is seeing more than 100 ransomware attacks every day – a 160% increase since 2014.

Echoing these concerns is Dr Hossein Sarrafzadeh, professor and director at the Centre of Computational Intelligence for Cyber Security and High Tech Transdisciplinary Research Network at Unitec Institute of Technology, and Colin James, head of security at Vodafone, who are behind a joint initiative looking to combat these increasing threats and get ahead of the pack in this cyber security arms race.

According to James, there's a belief that New Zealand's location at the bottom of the world protects us from cyber attacks like ransomware. This belief is wrong, he says.

“Geographical isolation is not a cyber security measure, there's no geographic boundary,” he explains.

“Malware, ransomware in particular, is still a large scale threat facing New Zealanders.

Hossein agrees, saying ransomware is one of the biggest threats facing New Zealand right now.

“A ransomware attack means money lost, normally to people residing overseas somewhere faraway we can't reach,” says Hossein.

The health sector is particularly vulnerable when it comes to ransomware attacks, he says.

“We rely heavily on data,” Hossein says. “Aside from personal data being in the hands of the attackers, they can close down the operations of health care systems that rely on data – so it could be life threatening.

Hossein says the other threat he is seeing is the Internet of Things.

“All our houses will be using this technology and the security on that is even more challenging than other IT systems,” he explains. “And I see that being a risk in the future.

Hossein says New Zealand is starting to step up when it comes to raising awareness about the threats of cyber security, but we're steps behind compared to other countries.

“The Government's Awareness Campaign is working very well, but we need multiple initiatives,” he says.

“It's not just the government that should take responsibility. It should be a joint effort by the government, the private sector and tertiary institutions.

Hossein says the United States' investment into cyber security is impressive.

“The U.S is investing billions in expanding their cyber capabilities,” he says. “Graduates of cyber security programmes earn starting salaries of $88,000. New Zealand's starting salary is nowhere near that.

Hossein worries these differences will cause a huge gap in the New Zealand market, and as a result will leave our local businesses even more vulnerable to attack.

“Look, the government is doing something, but we all need to step up our game and increase our efforts. Because our school kids are at risk, our businesses are at risk,” he says.

Vodafone CEO Russell Stanners says the fight against cyber crime is essentially an arms race. James says he is absolutely right.

“Basically as we develop new techniques for defending our networks, the bad guys then adapt their techniques and bypass our defences that we've put in place,” he says. “We change our defence methods constantly.

“The criminals aren't changing, they just have more sophisticated tools,” he adds.

James says research is really gong to come into play here.

“New techniques are vital to help us get a step ahead of the game, rather than this constant battle cycle that we are in,” he says.

Hossein agrees.

“We need to stay ahead of the hackers. They are smart people and they keep developing new ways to make their attacks more effective, so we need to invest more in ways to make our defence more effective.

According to Unitec chief executive Rick Ede, by the end of this year there will be a global need for a further one million cyber security professionals, and six million by 2022.

Figures Hossein says is worrying.

“As the threat of cyber attacks spreads, there is widespread concern about the number of cyber security graduates and professionals available,” he explains.

Hossein says that while a lot of tertiary institutions in New Zealand are trying to establish cyber security programmes, Unitec is well ahead.

Earlier this year Unitec launched the Capture the Flag cyber security competition in a bid to engage high school students, after visits by Unitec to secondary schools in New Zealand revealed a ‘distinct lack' of cyber security knowledge.

Furthermore, Unitec established the Cyber Security Research Centre in 2012, New Zealand's first, and offers numerous course in cyber security at Bachelors, Masters and Doctorate level as well as holding strong partnerships with top research institutes, universities, and institutes of technology overseas.

“We're preparing the talent early on, which means the benefits will be more,” Hossein says.

 “We have become a hub for cyber security in this country,” he adds.

“Unitec is committed to providing both education and research outcomes in the area of cyber security, and we've invested heavily in this area."

Earlier this week Unitec and Vodafone announced they were joining forces to establish a joint cyber research facility and secondment programme, in a bid to raise the next generation of cyber security professionals.

According to Vodafone, the telecommunications giant has stringent measures in place to protect itself and its customers from security breaches. Amongst these is the Cyber Defence Centre.

“We've established the Cyber Defence Centre in Auckland in a move to protect Vodafone assets and provide customer assurance,” James explains.

“This has been running for just over 18 months and on top of that we're enhancing our base line of security in the organisation,” he says. “Looking at where the landscape is moving and adapting to suit.

James says Vodafone has been working with Unitec on several initiatives for a while, building a strong relationship in the security community.

“We have been looking at how we can be more involved in academia, looking at how we can mitigate all these threats,” he says.

James says the joint cyber research facility is effectively a combining of Vodafone's Cyber Defence Centre and the research group at Unitec. He says by working together, Unitec researchers can deploy techniques in a real world environment, which allows them to see how it works in the real world as opposed to a lab.

James also says he sees the agreement as a long term partnership moving forward, with students spending time in the Vodafone centre and getting some real world, hands on experience.

Hossein agrees, saying the partnership with Vodafone started a long time ago.

“We do have relationships with lots of companies, but Vodafone is focused on innovation,” Hossein says.

“They see innovation and tech as a way forward. And we feel the same about creating an IP and innovating so that brought us closer together,” he explains.