What is the CERT NZ quarterly report?
Each quarter, CERT NZ publishes a quarterly report that presents information and statistics on the cyber security incidents that have been reported that quarter as well as the latest cyber security threats in New Zealand. They have recently published their quarterly report for Quarter One of 2018 (01 January – 31 March).
What happened in Quarter One?
Some of the key points contained within the report are:
- Quarter One of 2018 saw the largest number of reported incidents per quarter to date. SSS believes that this increase is, in part, due to an increase in the awareness of CERT NZ as a reporting mechanism.
- This quarter, CERT NZ introduced ‘age data’ to better understand the demographic of who is reporting incidents as well as what type(s) of incidents they are most affected by. 180 reports included date of birth information and all age ranges were affected. However, when looking at the value of financial loss by age, 87% of reports were made by people over 55 years.
- Financial loss continues to be high, with nearly $3 million of losses reported. This is more than half the total losses reported to CERT NZ in 2017.
The number of reports in several incident categories increased significantly compared to the previous quarter including reports of:
- phishing and credential harvesting (55% increase)
- unauthorised access (67% increase)
- reported vulnerabilities (133% increase)
What is the greatest threat from Quarter One?
Phishing has become the top category of incidents and comprised 39% of the reports submitted. CERT NZ states that part of the increase is due to the number of phishing website take-downs it has been involved in as efforts to address this issue have intensified.
What can our customers do about the current cyber security threats?
CERT NZ has provided critical controls; these aim to provide a base level of security capability that will thwart the majority of attacks.