Story image

Fear of cyber risk is stunting growth in NZ businesses

23 Jul 18

New Zealand businesses need to revamp their cybersecurity efforts if they’re to have any hope of making the most of digital transformation, a new report by Microsoft and Frost & Sullivan says.

The report found that 36% of the New Zealand organisations surveyed had experienced a cybersecurity incident; however 16% were not sure because they did not conduct a data breach assessment or digital forensics.

Furthermore, 43% of New Zealand respondents say they have put off digital transformation because they are worried about cyber risks.

“As companies embrace the opportunities presented by cloud and mobile computing to connect with customers and optimise operations, they take on new risks,” comments Microsoft New Zealand national technology officer, Russell Craig.

“With traditional IT boundaries disappearing the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation—as has been made all too clear by recent high-profile breaches.”

Unsure what to do about it, many organisations are taking the wrong approach to dealing with security. Many see security as an afterthought, while others use an ‘unnecessarily complex’ range of cybersecurity solutions.

The report also found that before a digital transformation project, only 19% will consider cybersecurity. The report says this mindset limits an organisation’s ability to conceptualise and deliver a ‘secure-by-design’ project, which could lead to products going to market that have inadequate security measures.

If a business uses a large number of security solutions, it doesn’t necessarily mean they are any safer. Organisations with between 26-50 security solutions encountered a similar percentage of security incidents as those organisations with fewer than 10 solutions.

The report suggests that it’s best to reduce complexity and the number of security tools organisations use.

Artificial intelligence continues to be a hot topic in cybersecurity, with 65% of respondents either adopting or looking to adopt an AI approach towards cybersecurity protection.

“Utilising AI-enabled security tools can significantly reduce risk,” says Craig.

“Ever more advanced tools scan incoming mail for threats and filter these out before they even reach our inboxes. Of course, it’s impossible to entirely prevent malicious hacking, human error or other sources of cyber risk, but the effectiveness of these tools continually improves, thanks to the vast scale of cyber threat data that can be gathered via the public cloud and translated into insights using data analytics.”

The report provides three recommendations:

Continue to invest in strengthening your security fundamentals: Over 90% of cyber incidents can be averted by maintaining the most basic best practices. Maintain strong passwords, use multi-factor authentication and keep device operating systems, software and anti-malware protection up-to-date;

• Assessment, review and continuous compliance: Assessments and reviews should be conducted regularly to test for potential gaps. Keep tabs on not just compliance to industry regulations but also how the organisation is progressing against security best practices; and

• Leverage AI and automation to increase capabilities and capacity: With security capabilities in short supply, organisations need to look to automation and AI to improve the capabilities and capacity of their security operations.

The statistics are taken from the Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World report.

JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.