Story image

New Zealand is one of the 'Cyber Five' APAC countries most at risk of cyber attacks

05 Mar 2018

New Zealand is one of Asia Pacific’s ‘Cyber Five’ for the most vulnerable countries to cyber attacks despite increased cyber resilience capabilities and strategies to deal with them.

That is what a new paper from Delta Insurance claims, citing the Global Cybersecurity Index that puts New Zealand in 19th place for its commitment to cybersecurity.

The ‘Cyber Five’ includes New Zealand, Australia, South Korea, Japan and Singapore – countries that are apparently at risk of attacks more than any other Asian economy.

“New Zealand’s global information footprint is on the rise and our increased dependencies on globally connected Internet infrastructure will only draw New Zealand further into the cyber risk landscape,” the report says.

According to Delta co-founder Ian Pollard, the research reveals deep vulnerabilities in New Zealand businesses.

“A cyber risk can arise despite a business’s best efforts to avoid it, and it is vital to mitigate those risks,” he says

New Zealand is also falling behind international standards in terms of legislation. Delta says that breach notification laws are present in other countries, but there is no compulsory data breach notification law yet.

“Following the EU’s and Australia’s lead, a variety of New Zealand proposals have been recommended, both preventative and responsive measures to protect those involved in an attack. The proposed New Zealand legislation will require mandatory training for employees, ensuring their cybersecurity education is sufficient in providing protection for their organisation.”

Combined with the under-reporting of cyber attacks both in New Zealand and across the globe, there is now a perception that a cyber attack victim is punished by publicity, rather than the perpetrator.

Delta found that firms fear negative publicity, legal repercussions and the cost of notifications.

However major threats such as ransomware, Distributed Denial of Service (DDoS) attacks and state-backed cyber warfare continue to cause problems.

While cyber warfare may traditionally be associated with nation-states such as North Korea, New Zealand is still vulnerable and ‘will be affected in more ways than one’ – but the report does not hint at what those ways could be.

Phishing and whaling attacks are continuing to grow. Both may be remedied through education and awareness, but Delta believes technical security controls are necessary.

“The advancements of social engineering have made whaling extremely popular, particularly due to the high returns attackers have been receiving14 compared with the level of technical input,” the report says.

Emerging risks based on technologies such as artificial intelligence and the Internet of Things continue to grow, the company says.

“Experts are warning that the rise of AI will be used by criminals against companies to conduct cyberattacks. With AI, the targeting, payload selection, weaponising, delivery and execution, could in theory, be automated42. Human hackers often get caught because they get spooked, overconfident, frustrated or leave traces that give them away. It is likely that AI-enabled tools would not make the same mistakes – if they did, they would learn very quickly from these mistakes.”

Perhaps with something of a vested interest in the space Delta believes that New Zealand’s total cyber insurance market has potential to reach $100 million by 2025.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.