NZX, Metservice attacks show Kiwi companies must rethink cyber security
The spate of brazen cyber attacks against strategically important organisations like the NZX and Metservice must prompt Kiwi businesses to rethink their cyber security, says Accenture.
The attacks are a wake-up call for New Zealand businesses to step up their threat protection and contingency planning systems, the company says.
Businesses must invest in scalable security tools and upskilling of their people so they can spot cyber threats.
Accenture New Zealand managing director Ben Morgan says that better threat protection does not necessarily mean buying more expensive solutions.
“Organisations are spending more money on state-of-the-art security tools. But, if these are not scaled across their business then there will be vulnerabilities that can be exploited by cyber criminals and other malicious actors," he explains.
Accenture’s research has found that companies are continuing to invest in new security tools. Yet only one quarter of all these are being successfully scaled across their organisations.
“While the technology is there to thwart these increasingly sophisticated attacks, and companies are purchasing these solutions, they are coming unstuck when it comes to scaling them across their organisations," says Morgan.
"Their problem isn’t the technology, it is having the technology deployed correctly and making sure employees know how to use it,” he says.
According to Accenture, between January and March alone, more than 4,000 COVID-19 related domains were registered across the globe. CERT NZ and the NCSC have reported new waves of COVID-19 themed cyber attacks looking to exploit working from home vulnerabilities.
“The cyber security of any business is only as strong as its weakest link. More often than not, an organisation’s greatest vulnerability is employees," Morgan says.
"We have seen cyber criminals ramping up their efforts to exploit employees with targeted COVID-related attacks and scams.
“Falling prey to one of these scams can quickly open organisations up to exploitation. Cyber criminals will harvest credentials, install malware, and commit card fraud unless employees know what to look out for,” he says.
Morgan says that businesses need to elevate cyber security to be an important part of workplace culture.
“Cyber criminals’ currency is the disruption they are able to create to peoples’ lives. As we earn, learn and engage in online environments more than ever before, the scope for our lives to be disrupted has increased.
“Just like with workplace health and safety, all employees have a role to play in maintaining good cyber security practices. If employees are unsure about the origins of an email, or think a hyperlink or attachment look dodgy, then businesses need a way of assessing whether these pose a risk."
Morgan predicts that the uptake of cyber security services will mirror recent trends the IT community has seen with cloud computing, which were accelerated by COVID-19.
“Business leaders realised that they could not afford to continue to spend large amounts of money on bespoke systems that did not offer flexibility," he says.
"They moved to cloud providers who have the scale to offer more affordable and safer solutions. We are seeing a similar trend emerge with cyber security."
In response to increasing demand for cyber security threat protection, last year Accenture launched its new Sydney Cyber Fusion Centre. The Centre provides 24/7 cyber incident and threat monitoring services to government and commercial clients across the Asia-Pacific region and draws on the global expertise of Accenture’s 7000+ strong cyber security practice.
“There is no denying that every business will need their own cyber security champions. But as threats continue to increase, businesses will be looking to cyber security specialists who have the global networks, talent and scale to provide continuous monitoring and support," Morgan explains.
“Businesses should use the recent attacks as a catalyst to make sure their cyber security solutions are fit for purpose. A failure to do so could lead to them joining the growing list of Kiwi companies who have had their operations disrupted or had their systems held to ransom."