Story image

Hush-hush attitudes toward cyber attacks 'devastating' Kiwi businesses

19 Apr 2016

Hush-hush attitudes of professional services firms and their IT providers are contributing to a tidal wave of cyber attacks that are continuing to devastate New Zealand businesses, according to IT firm Resolve.

Simon Falconer, Resolve managing director, says industry groups being hit with spam need to work together, alongside their IT providers or staff, to combat the growing spam problem targeting SMEs in specific industries.

“We’re seeing a substantial increase of spam targeting our customers and we’re finding that when a breach occurs it’s usually a malicious attack the industry has already seen and dealt with,” Falconer explains.

“The same mistakes keep happening because we aren’t talking to each other about it and what lessons should be learned,” he says.

Falconer is calling for more collaboration and information sharing on security threats and breaches between professional services firms via a private forum, but recognises some may not be willing to participate in a forum like this for fear that their reputation is at risk.

“No one talks – because when a security breach occurs the relevant business or the IT provider is embarrassed to suggest their clients’ data was at risk, and their reputation could be on the line,” he says.

“But if we were having these discussions in a respected and confidential environment we might be able to start combating the problem and provide better outcomes to our customers,” Falconer says.

The New Zealand Internet Task Force (NZITF), with members from some of New Zealand’s largest businesses and IT providers already exists, and has a focus on “improving the operational robustness, integrity, and security of the internet in New Zealand” where their regular forum allows for “collaboration on matters relating to the cyber security of New Zealand.”

Falconer says that it’s important to have a task force at a higher level established and commends the work the NZITF are doing, but believes there is still a need for more ‘on the ground’ level of action in this space.

“We want to see industry bodies like the Law Society or the Institute of Chartered Accountants leading the way and provide a forum where breaches can be openly discussed and strategies developed within their own industry,” he explains.

“The attacks are industry targeted and groups like the Law Society already have established structures to facilitate and organise a forum like this.

“There’s also perhaps a role here for the NZITF to work more closely with industry bodies either through training, or better information sharing, and that way we can bring the two together and reach a wider audience,” says Falconer.

In March, Falconer says a staggering 82% of email coming through Resolve’s mail server was recognised as spam and either discarded or held in ‘quarantine’.

Falconer says it has never been this high and new variants of malware invading computers and severs via spam email are emerging every day.

“The arms race between malware authors and security software developers is fraught with new and undetectable strains of malware making an appearance every day, and staying on top of it is a challenge,” he says.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.