sb-nz logo
Story image

Hush-hush attitudes toward cyber attacks 'devastating' Kiwi businesses

Hush-hush attitudes of professional services firms and their IT providers are contributing to a tidal wave of cyber attacks that are continuing to devastate New Zealand businesses, according to IT firm Resolve.

Simon Falconer, Resolve managing director, says industry groups being hit with spam need to work together, alongside their IT providers or staff, to combat the growing spam problem targeting SMEs in specific industries.

“We’re seeing a substantial increase of spam targeting our customers and we’re finding that when a breach occurs it’s usually a malicious attack the industry has already seen and dealt with,” Falconer explains.

“The same mistakes keep happening because we aren’t talking to each other about it and what lessons should be learned,” he says.

Falconer is calling for more collaboration and information sharing on security threats and breaches between professional services firms via a private forum, but recognises some may not be willing to participate in a forum like this for fear that their reputation is at risk.

“No one talks – because when a security breach occurs the relevant business or the IT provider is embarrassed to suggest their clients’ data was at risk, and their reputation could be on the line,” he says.

“But if we were having these discussions in a respected and confidential environment we might be able to start combating the problem and provide better outcomes to our customers,” Falconer says.

The New Zealand Internet Task Force (NZITF), with members from some of New Zealand’s largest businesses and IT providers already exists, and has a focus on “improving the operational robustness, integrity, and security of the internet in New Zealand” where their regular forum allows for “collaboration on matters relating to the cyber security of New Zealand.”

Falconer says that it’s important to have a task force at a higher level established and commends the work the NZITF are doing, but believes there is still a need for more ‘on the ground’ level of action in this space.

“We want to see industry bodies like the Law Society or the Institute of Chartered Accountants leading the way and provide a forum where breaches can be openly discussed and strategies developed within their own industry,” he explains.

“The attacks are industry targeted and groups like the Law Society already have established structures to facilitate and organise a forum like this.

“There’s also perhaps a role here for the NZITF to work more closely with industry bodies either through training, or better information sharing, and that way we can bring the two together and reach a wider audience,” says Falconer.

In March, Falconer says a staggering 82% of email coming through Resolve’s mail server was recognised as spam and either discarded or held in ‘quarantine’.

Falconer says it has never been this high and new variants of malware invading computers and severs via spam email are emerging every day.

“The arms race between malware authors and security software developers is fraught with new and undetectable strains of malware making an appearance every day, and staying on top of it is a challenge,” he says.

Story image
Security and operations collaboration key to success post COVID-19
“We are in an ultra-hybrid world with multi-everything, and in order to successfully navigate this landscape, ITOps, DevOps, and SecOps teams need to more closely align."More
Story image
Why organisations should wise up to the DDoS extortion trend
While it is essential to have a DDoS mitigation solution in place, it’s also important to test that it works as expected, writes NCC Group director of technical security consulting for Asia Pacific Tim Dillon.More
Story image
BlueVoyant acquires Managed Sentinel, builds out Microsoft MSS offerings
“Combining Managed Sentinel’s Azure Sentinel deployment expertise with BlueVoyant’s MDR capabilities will help customers operationalise and maximise Microsoft security technologies."More
Story image
Experiencing ransomware significantly impacts cybersecurity approach
"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber threat awareness."More
Story image
Attack from DOS: In Zero We Trust
In combination with malware, DDoS attacks on banks have been used to cause distraction so the transfer of stolen funds goes unnoticed. More
Story image
The three-pronged security approach that confronts security breaches head-on
Having these three processes working in tandem is key to cushioning the blow of a breach - which, if insufficiently protected, can take on average 279 days to contain and costs an average of almost US$4 million.More