Story image

New Zealand staff responsible for 29.6% of cyber attacks - report

25 Oct 17

Current staff are responsible for 29.6% of cyber attacks in New Zealand and are some the biggest cyber risks for Kiwi companies – at least that’s what PwC’s latest Global State of Information Security Survey 2018 has found.

Service providers, suppliers and business partners all contribute to the risk, but none more so than staff members themselves, according to the 62 top security professionals who took part in the New Zealand component of the global survey.

“The ‘unknown hacker’ was picked as the largest category responsible for cyber attacks and that’s because attribution is difficult and most companies end up not knowing where or who the attackers are. However, it became clear that people known to the company were also among the biggest threats,” says Adrian van Hest, PwC Partner and cyber practice leader. 

Van Hest says that cybersecurity investment is increasing; as are the number and cost of incidents.

“So while there’s continued spending, it doesn't mean that the investments are effective or that they’re being spent on the right things.” 

In New Zealand, only 49.2% of respondents said their organisation’s cyber spending is aligned with revenue; compared to 72.2% of those questioned in Australia and 65.7% globally.

New business models, including the uptake of cloud computing and mobile devices present new risks to organisations. It is not because they are any less safe, but because they require a different approach to cybersecurity management.

58.3% of New Zealand organisations indicate they have cyber insurance and 13.3% say they do not know.

“We’ve also found that investment in identity management is growing faster overseas because they’re experiencing more cyber incidents through increased cloud usage. Kiwi companies are slightly behind the trend as most of our cyber incidents still seem to occur because of outdated software. However, as more businesses move to the cloud, it’s only a matter of time before we face the same risks,” van Hest comments.

The report stresses that security is no longer an IT problem but one that involves ‘our entire digital society’. It says that businesses cannot trust that their company and customer data will stay secure.

New Zealand respondents rank traditional software vulnerabilities such as out-of-date software as the most common cause of security incidents.

“Building and maintaining trust is going to be the greatest differentiator for New Zealand businesses in our digital society and now’s the time to start taking that seriously.”

Globally, 29% of respondents indicate that CISOs are responsible for an organisation’s IoT security, followed by engineering (19%) and chief risk officers (17%).

In addition to the 62 New Zealand cybersecurity professionals, the survey also gained responses from 10,000 professionals worldwide.

JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
WatchGuard appoints new channel distributors in A/NZ
The appointments will enable WatchGuard to expand its regional channel reseller footprint.