A new report has highlighted the growing threat of cyber attacks, with businesses in New Zealand facing a significant risk of falling victim to such incidents. The report, released by Kordia, emphasized that cyber attacks are not a matter of if, but when, with a global average of between 100 and 250 attacks per second.
The report also revealed that many New Zealand businesses are ill-prepared to respond effectively to cyber attacks, with a significant number of incidents going under-reported. In fact, the report indicated that ransom payments made to recover stolen data are not uncommon, with nearly 10 percent of businesses admitting to paying a ransom demand in the past year.
Despite the global average of company ransom payouts being much higher, at around 50 to 60 percent, the actual number of ransom payments made by New Zealand businesses may be much higher than reported. Data from Payments NZ suggested that approximately $200 million was lost to scams in the country within a year, although industry experts believe this figure could be significantly underestimated due to under-reporting.
Conan Bradley, the incident response and digital forensics practice lead at Kordia, stressed the importance of businesses planning and practicing their response to cyber attacks. He highlighted the need for training and practice drills to ensure a timely and effective response when an attack occurs.
Small and medium-sized businesses were identified as being particularly vulnerable to cyber crime due to their limited resources. However, Bradley emphasized that these businesses still have the opportunity to manage the risk effectively through proper planning and training.
The report also highlighted identity theft as the most common type of cyber crime, with adversaries often gaining access to legitimate accounts through data breaches or phishing attacks. It recommended that companies adopt a zero-trust principle, where every user access request is explicitly authenticated and given the least privilege.
Another emerging risk highlighted in the report is the advances in quantum computing, which could potentially break through the encryption currently used to protect electronic communications by 2030. Businesses were advised to start preparing for this technology shift and put a three-year response plan in place to mitigate the potential risks.
While AI-generated cyber protection is becoming increasingly popular, Bradley warned that firms should not rely solely on automated systems to keep critical data and systems safe. He emphasized the need for human intervention and decision-making in cybersecurity measures.
In conclusion, the report serves as a stark reminder of the prevalent threat of cyber attacks facing businesses in New Zealand. It underscores the importance of proactive planning, training, and a risk-based approach to cybersecurity to mitigate the risks posed by evolving technologies and sophisticated adversaries. Businesses are urged to take the necessary steps to protect their data and systems in the face of an ever-evolving cyber threat landscape.