Story image

NZ's global alliances put it at risk for cyber attacks, expert says

New Zealand is heavily likely to face significant cyber attacks, with one prominent tech security expert claiming its membership in the five-eyes alliance is putting the country at risk. 

The five-eyes alliance is a group of countries made up of New Zealand, USA, the UK, Canada and Australia, which shares classified foreign intelligence, including the cyber operations of state actors. The countries are party to a joint cooperation in signals intelligence.

Theo Nassiokas, former cyber and information security director at Barclays in Singapore, says this situation places New Zealand and the other five-eyes alliance members in a higher risk profile, as they are being targeted by countries with opposing foreign policies, including Russia, North Korea, China, Iran and others.

"Since 2018, there is clear evidence and a growing trend that the most significant and successful cyber-attacks are carried out by state actors," says Nassiokas.

"It is common to hear cyber threat actors placed into one of four categories, being state sponsored, criminal, hacktivist and terrorist," he explains.

"What this recent trend is showing us is that state actors are the most active with regard to any one of these cyber threat actor categories. This is what I will be outlining at the cyber security summit, organised by NZTech and Conferenz in Wellington."

Nassiokas is the key speaker at the 2019 New Zealand Cyber Security Summit in Wellington on October 16.

"Cyber attacks can't be prevented, and there are two types of organisations; those that have been hacked and those that don't know they've been hacked," he states.

"This includes both government and private sector organisations," says Nassiokas. 

"However, all New Zealand organisations need to consider a commercially feasible cyber strategy involving a smart combination of technology, people and process controls to achieve an optimal level of cyber security and cyber resilience," he explains.

"Cyber security deals with controls designed to prevent successful cyber-attacks and cyber resilience deals with controls designed to maintain seamless business operation during or post a successful cyber attack and both are critical in a holistic cyber strategy," Nassiokas says.

"I can't over-emphasise the importance of cyber intelligence sharing between private sector and government as this will give participants the big picture."