Hush-hush attitudes of professional services firms and their IT providers are contributing to a tidal wave of cyber attacks that are continuing to devastate New Zealand businesses, according to IT firm Resolve.
Simon Falconer, Resolve managing director, says industry groups being hit with spam need to work together, alongside their IT providers or staff, to combat the growing spam problem targeting SMEs in specific industries.
“We're seeing a substantial increase of spam targeting our customers and we're finding that when a breach occurs it's usually a malicious attack the industry has already seen and dealt with,” Falconer explains.
“The same mistakes keep happening because we aren't talking to each other about it and what lessons should be learned,” he says.
Falconer is calling for more collaboration and information sharing on security threats and breaches between professional services firms via a private forum, but recognises some may not be willing to participate in a forum like this for fear that their reputation is at risk.
“No one talks – because when a security breach occurs the relevant business or the IT provider is embarrassed to suggest their clients' data was at risk, and their reputation could be on the line,” he says.
“But if we were having these discussions in a respected and confidential environment we might be able to start combating the problem and provide better outcomes to our customers,” Falconer says.
The New Zealand Internet Task Force (NZITF), with members from some of New Zealand's largest businesses and IT providers already exists, and has a focus on “improving the operational robustness, integrity, and security of the internet in New Zealand” where their regular forum allows for “collaboration on matters relating to the cyber security of New Zealand.
Falconer says that it's important to have a task force at a higher level established and commends the work the NZITF are doing, but believes there is still a need for more ‘on the ground' level of action in this space.
“We want to see industry bodies like the Law Society or the Institute of Chartered Accountants leading the way and provide a forum where breaches can be openly discussed and strategies developed within their own industry,” he explains.
“The attacks are industry targeted and groups like the Law Society already have established structures to facilitate and organise a forum like this.
“There's also perhaps a role here for the NZITF to work more closely with industry bodies either through training, or better information sharing, and that way we can bring the two together and reach a wider audience,” says Falconer.
In March, Falconer says a staggering 82% of email coming through Resolve's mail server was recognised as spam and either discarded or held in ‘quarantine'.
Falconer says it has never been this high and new variants of malware invading computers and severs via spam email are emerging every day.
“The arms race between malware authors and security software developers is fraught with new and undetectable strains of malware making an appearance every day, and staying on top of it is a challenge,” he says.