A New Zealand cybersecurity academic says that the country’s business leaders still aren’t taking cybersecurity seriously enough – and that it’s posing significant risks to their organisations’ reputations.
According to Dr Ryan Ko, University of Waikato Associate Professor in Computer Science, the lack of communication is a serious flaw during cybersecurity incident response.
“The spread of information is so fast, and reputations are very hard to get back when lost,” he says.
Ko, who is also director of the NZ Institute for Security and Crime Science, recently spoke to business leaders in Hamilton as part of a Crucial Conversations Over Lunch (CRUNCH) meeting, organised by HMC Communications. He discussed the current state of cybercrime in New Zealand and organised a fictional cyber attack scenario in which participants could plan their responses.
Ko cites a Norton Cybercrime Report that shows global cybercrime is now bigger than drug trafficking.
“It was reported that, globally, cybercrime cost $388 billion which was larger than the cost of drug trafficking at $288 billion,” he says.
“Every half-second a unique malware or virus is created somewhere in the world. Cybersecurity is a serious concern for companies, and New Zealand business leaders need to do more to protect their company and their customers.”
This week is Cyber Smart Week, which encourages people to take control of cybersecurity both for their business and their home.
“The public perception is that businesses and boards should take responsibility for personal information, and that means cyber attacks have legal implications for directors. It’s not a matter of ‘if’ it will happen, but when, and directors may be facing liability,” Ko says.
Waikato Milking Systems general manager Campbell Parker says that although large organisations have robust measures in places, smaller firms are vulnerable, especially when they rely on external providers.
“I think we are quite naïve in New Zealand around risk. You see it in fraud cases, and it’s true when it comes to cybersecurity also,” Parker says.
“When you think that 97 per cent of New Zealand companies are SMEs (small-to-medium enterprises) with less than 20 employees, then there is a risk to them.”
Ko described cyber attacks on US retailer Target and hotel chain Wyndham Worldwide Corporation. Hackers breached Target’s systems in 2013 and stole credit card information from approximately 40 million customers.
New Zealand firms are at risk of many threats including Distributed Denial of Service (DDoS) attacks, social engineering, attacks on unpatched systems and older communications tools, ransomware, cyber forces and weaponry.
Workhub Services managing director Myles Imperial says cybersecurity affects all businesses.
“We are in a computer age and you have to have a plan if something happens online. This is a session that should be done by all business leaders,” she says.
Are you prepared for a cyber attack? Things for business leaders to consider
- What is your board of directors doing to address the risk of a cyber-attack to your business or organisation?
- Have cyber security policies been reviewed (and do they even exist)?
- Are there policies around external contractors?
- Does the business or organisation have cyber insurance?
- Is there a chief information security officer in the company?
- What would you do in the event of a cyber-attack, operationally and with your communications (internally and externally, including stakeholders and media)?