Mass adoption of cloud and rise of digital business blurring traditional cyber security

11 Oct 16

Kiwi businesses are struggling to cope with the consequences a digital business model is having on their cyber security risk profile.

That’s according to the latest Global State of Information Security Survey, which reveals many New Zealand businesses are over-relying on basic penetration tests without developing a comprehensive security strategy.

The Global State of Information Security Survey (GSISS) 2017 tracks the transformation that digital business models are bringing to local companies, and the impact this is having on their cyber security efforts.

The survey found New Zealand organisations are ‘over-reliant’ on basic penetration tests, with 63% employing them as their primary control despite more attacks originating from insiders and business partners.

According to the results, New Zealand companies are lagging their global counterparts in understanding cyber security risks across their supply chain.

Moreover, while New Zealand companies are leading the world in cloud adoption, they aren’t making the corresponding investment in managing their cyber risk, the report found.

“It’s heartening to see the change in perceptions among businesses in their approach to cyber security,” says Adrian van Hest, PwC New Zealand partner and cyber practice leader.

“However, leaders are struggling to fully grasp the breadth of cyber risks their organisations face and the value of the data they are gathering, let alone translating awareness into action,” van Hest explains.

“Companies that are making this transition to a digital operating model have to make cyber security central to their transformation efforts.”

Cyber spending lags behind the rest of the world

Compared to the rest of the world, Kiwi businesses are lagging in the amount of spending they are directing towards cyber security.

These efforts are also focused more towards basic measures like penetration tests, at the expense of those that are more likely to address the insider and partner issue, such as comprehensive identity management systems and tighter control over administrator privileges.

The uptake of managed security services, for example, is almost half that of Australia (44% compared to 78%). At the same time, the origins of cyber attacks are becoming more diverse, with respondents twice as likely to report security breaches that originate from their business partners, compared to last year’s findings (21% compared to 10% in 2016).

“A major concern is the focus on only a narrow range of methods to detect cyber security weaknesses,” says van Hest.

“New Zealand companies are over-reliant on very basic penetration tests, and less focused on understanding their risk, let alone more advanced analytics and how to respond when something actually happens,” he says.

Blurring the lines of a cyber security strategy

The rise of digital businesses, mass adoption of cloud technology and the increasingly complex network of relationships with customers, employees and supply chain partners have all blurred the lines of traditional cyber security, says van Hest.

“As a result, New Zealand companies are struggling to respond to the added complexity.”

Only 29% of local firms evaluate the security of third parties, despite suppliers and business partners being the fastest-growing source of cyber attacks. Likewise, employees were the single largest source of cyber security breaches, yet organisations are still focusing on external threats.

“Rather than trying to ring-fence their organisation, companies now have to develop a proactive security approach across their entire digital presence,” says van Hest.

“That means holding suppliers accountable for breaches, addressing the risk from employees and treating customer data privacy as a competitive advantage,” he explains.

“Every organisation’s cyber security approach has to begin with understanding their risk profile.

“Only then can they develop a strategy to protect their assets, detect when they experience a breach and then respond and recover effectively.”
