“Cyber criminals and malicious state-backed actors are targeting New Zealand now.”

  • SSS GRC Team
  • Jul 10, 2019

The above quote is taken from New Zealand’s Cyber Security Strategy for 2019, published by the Department of Prime Minister and Cabinet (DPMC).

Kiwi businesses and individuals are bleeding money

According to CERT NZ, New Zealand lost over $14 million to 3,445 reported cyber security incidents in 2018. Many organisations don’t know they can report incidents to CERT NZ, so these reported incidents only scratch the surface. The real economic impact of cybercrime is thought to be far higher.

National insecurity

Cyber terrorism is no longer a hypothetical concern for New Zealanders. After the Christchurch terrorist attack was live-streamed, our reputation as a safe and tolerant nation has been damaged. DPMC make it clear that our national security is also being targeted with state-sponsored espionage campaigns that seek to steal intellectual property and harm our critical infrastructure.

Democracy under attack

According to DPMC, “state-sponsored” actors have used cyber tools “to interfere with democratic processes.”. The most visible example of this was the interference campaign targeting the 2016 US presidential election. This nation-state cyber campaign was innovative and comprehensive, and many US citizens believe it may have swayed the outcome of that election. Here in New Zealand, we need to ensure that the democratic processes that protect the core values of our society are not vulnerable to state-sponsored threat actors.

How is New Zealand responding?

On 2 July 2019, DPMC released New Zealand’s refreshed Cyber Security Strategy, which is now in its third iteration. This document highlights five “priority areas” that the Government intends to focus on to improve our overall cyber security posture. These priorities and how they relate to services provided by SSS IT Security Specialists (SSS) are listed below:

1) Cyber security aware and active citizens

This priority relates to “building a culture in which people can operate securely and know what to do if something goes wrong.” In many cases, the weakest link in an information system is its human users. However, with the right cyber security awareness training, this human vulnerability can be transformed into a collaborative and dynamic component in your organisation’s cyber defences. SSS have deep expertise in the field of cyber awareness training, and a proven ability to get rapid and lasting results.

2) Strong and capable cyber security workforce and ecosystem

SSS work closely with tertiary institutions to give back to the cyber professionals of tomorrow. As well as supporting curriculum development, SSS are sponsoring a project for tertiary students to get cyber security industry experience while they are studying. We are also volunteering to deliver industry presentations, like PKI expert Paul Platen’s upcoming presentation to Weltec students on the growing field of Identity Management.

3) Internationally active

New Zealand would like to assert itself as a champion of the “international rules-based order and promote peace and stability in cyberspace.” International cooperation is in our DNA at SSS. We have strong partnerships with vendors from around the world, which enables us to assist public and private sector organisations to incorporate advanced technology and expertise into their security programmes.

4) Resilient and responsive

The intention for this priority is that “New Zealand can resist cyber threats and that we have the tools and know-how to protect ourselves.” Being resilient and responsive is about minimising the time to react to cyber incidents, and having the systems in place to respond consistently and effectively. At SSS we have developed our Security Threat Automation and Response Service (STARS) to empower our clients to respond in a timely, consistent, and effective way to the ever-increasing barrage of cyber threats they face. STARS augments clients’ existing products and resources to automate threat triage, analysis, and remediation using decisions based on best practices and client business rules.

5) Proactively tackle cybercrime

Cybercrime is becoming increasingly lucrative and popular. The growing availability of exploit kits make it easier for unskilled criminals to carry out cyber attacks. In addition to this, organised criminal gangs are using more sophisticated methods to target and exploit their victims.

This Government priority area aims to address the upsurge in cybercrime and reduce the impact on New Zealanders. SSS are helping to prevent cybercrime by assisting our clients to build better defences from the C-Suite to the front-line. Only organisations with robust governance and dynamic risk management can adapt fast enough to mitigate the rapidly evolving threats posed by international cybercriminals.

– – – – – – – – – – –

Click here to read New Zealand’s cyber security strategy 2019