New Zealand’s place in global cyber defence - From medieval knights to cybercriminals
During World War I, the British Expeditionary Force was the first military unit to cross the English Channel. This highly trained army featuring cavalry armed with lances, sabres, and rifles was the last reminder of medieval warfare. They were quickly brought low by machine guns, barbed wire and trenches. By the time the war ended, a mere 13 years after the invention of flight, the skies were filled with fighter planes.
Conflict quickly reveals what works and what doesn't. In 2025, global instability has reshaped the battlefield once again. This time, it's digital.
The rise of digital guerrilla warfare
We are witnessing a new kind of conflict: digital guerrilla war.
This is where decentralised cybercriminal groups are being funded by shadowy nation states to carry out cyber-attacks. These hidden attackers "live off the land" by using legitimate tools to infiltrate systems and strike when least expected.
Government entities are frequent targets, but private and listed companies are just as vulnerable. A major attack on them wouldn't just impact businesses; it could affect national stability and disrupt the economy.
New Zealand, like the rest of the world, is locked in a cyber battle where threats can come from anywhere, at any time. Today, the front line is everywhere. This might sound excessive and overdramatic, but that's the reality all business leaders need to understand.
A key concept in cyber security is that the investment to prevent harm should be in proportion to the needs of the business. For many businesses, simple technology choices supported by people and processes are enough to mitigate most threats. But some organisations play integral roles in society, and we can't afford for them not to have the best security procedures in place.
The Government must lead on critical infrastructure
Critical infrastructure faces a much bigger threat. Last year, the United States Cybersecurity and Infrastructure Security Agency (CISA) found proof that a state-backed cyber security group, Volt Typhoon, had secretly infiltrated critical infrastructure providers across the Western world. Their goal? To cause disruption at a key moment.
Another group backed by the same nation-state, Salt Typhoon, has infiltrated nine major U.S. telecoms, accessing call data, text messages, and even recordings of prominent national leaders.
New Zealanders have a right to know that our infrastructure is being protected, and that the government is investing in national cyber defence before disaster strikes.
Cyber threats are no longer just a business problem; they're a national security issue.
Is New Zealand doing enough to protect its critical infrastructure?
Right now, the answer is no. We're at risk of falling behind.
In late 2024, Australia passed sweeping cybersecurity legislation to harden national defences. The new laws require industries to uphold high security standards and give the government powers to intervene in the event of a serious breach.
These reforms came in the wake of a string of devastating cyber incidents, including major data breaches at Medibank, Optus, and Latitude Finance in 2022 and 2023. The Latitude breach alone became the second largest in Australian history and the most damaging for citizens. It was also New Zealand's largest-ever data breach, exposing the personal information of 20% of our population.
Australia has put serious effort into building its cyber posture at a national level, with a vision of being a global leader in cybersecurity by 2030. In a world reliant on digital infrastructure, this will be a key competitive advantage.
New Zealand has the chance to tell the same story, but only if we act soon.
That's why we need the government to enact legislation that will protect our country and people. I appreciate that developing legislation is not trivial, but the template has been created in Australia and it's in everyone's interest to reflect that over here.
This will require some businesses to invest more to become compliant, but that's the point: we all incur comparable costs to achieve a common standard.
Cyber security is complex to understand. Humans evolved to recognise that a warrior charging at you is a threat, not a remote network of industrialised guerrilla fighters with keyboards, backed by nations hiding their true intent.
New Zealand must not wait until we're reacting to disaster. We need a nationally unified, proactive cyber defence to protect our people, businesses, and critical systems before it's too late.