Story image

Tackling NZ cybercrime in 2017: Why recovery is just as important as prevention

10 Feb 17

Cybercrime is nothing new. Every year, businesses across New Zealand are hit by some sort of virtual attack. Although Microsoft's Malware Infection Index 2016 ranked New Zealand 18 out of 19 Asia Pacific markets, the idea that businesses are safe is wrong. According to Keshav Dhakad, head of Digital Crimes Unit at Microsoft, the "Internet has no boundaries" and every business, including those in New Zealand, are vulnerable.

In fact, a recent story on CIO highlighted just how sophisticated the world of cybercrime is becoming. With big money to be made from hacking into a company's database and stealing sensitive information, scammers are now attempting to dupe the hackers. Selling everything from fake databases to made-up credit card information, scammers are posing as legitimate hackers in an attempt to make money from those in the virtual underworld.

Hacking is Becoming a Complex Industry

In response to the recent surge in scammers, a new database called Ripper.cc has been set up. The idea behind it is to store a list of known scammers so that cybercriminals can avoid them in the future. Aside from Ripper.cc giving cybercriminals a better insight into the rats in their own community, the site is evidence of how hacking is now an industry and not a pastime. If that's the case, businesses need to be even more vigilant.

Naturally, everything from web application firewalls, passwords and levels of access should all be a standard for any business with an online presence. However, what if it all goes wrong? What if a hacker does manage to break through your defences and access your company's sensitive data? According to data security company Incapsula, a disaster recovery plan (DRP) is not only essential for responding to these situations, but for helping to prevent them.

Learning How to Recover is Crucial

As defined by Incapsula, DRP is the process of responding to a disaster scenario in such a way that it supports "time-sensitive business processes and functions" and maintains "full business continuity." From a preventative perspective, a DRP gives businesses a clear idea of what risks it can face in the virtual world. Indeed, before defining what steps need to happen in order to recover from a disaster, a company first needs to know what potential disasters are out there.

Once your system is compromised and in a "disaster" state, the strategy you then use will be dependent on whether you're concerned about how long your service is offline (Recovery Time Objective - RTO) or how old data is handled once you're back online (Recovery Point Objective - RPO). Naturally, cost and practicality will affect a company’s DRP. For example, a "hot-hot" system using synchronous replication will ensure that a system is 100% synchronised at all times. This means that in the event of an attack, a parallel system kicks in so that your service stays online.

Small Businesses Can Also Afford a Recovery Plan

However, this method is resource intensive and, therefore, something that smaller businesses may not be able to afford. As an alternative, semi-synchronous replication will only kick in once a series of changes have been detected. If a company can afford some loss of data or downtime, this sort of system can be effective as it gives them just enough breathing space to recover and get back online without being too costly.

Whichever way you look at it, cyber security is essential for New Zealand businesses and a DRP is an important part of a complete strategy. Indeed, with The Herald reporting that cyber-attacks have more than doubled over the last five years, businesses across the country can't afford to take any risks. Although DRPs might seem like something only the biggest companies need to worry about, it's worth remembering that data from any source can be valuable for a hacker.

How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."