With the accelerated shift towards digital transformation brought about by the pandemic, New Zealand companies are steadily migrating their businesses to the digital space to adapt to the demands of the new normal.
Unfortunately, for some organisations, the shift came at a cost. According to a report, hundreds of the country’s businesses with online capabilities are now losing money to cyber-criminals. In the third quarter of last year, 281 Kiwi businesses reported cybersecurity breaches, and many others are likely to have suffered the same fate without reporting it. The average direct financial loss for small to medium businesses is still small, only a few thousand dollars, so it often goes unreported.
However, it was also noted that at least 13 Kiwi businesses lost more than NZ$100,000 each near the end of last year. The most common crime involved the unauthorised transfer of money after a company’s email accounts were compromised. The criminals use phishing attacks to harvest credentials. The fake email looks like a real email and gets you to click on a link. This drops a piece of code onto the computer that looks for login and password details, which it sends back to the criminal, and businesses are not even aware of it. Other common scams that resulted in businesses losing money included new business opportunity emails, fake investment opportunities and fake rewards.
More importantly, the fundamental shift to home and remote working due to COVID-19 has caused a major headache for cybersecurity professionals. This is because many of them are accustomed to the much more controllable security surface area that office buildings and on-premises security infrastructure provide. With so many people working from home, the corresponding surge in app usage, unmanaged devices, web traffic and access to internal resources is making security a much trickier prospect.
As the business world continues to adapt to the new way of working, the security mistakes of the past year should no longer be repeated. Rather than taking a panicked approach, organisations must take their time and select a consolidated solution.
Accordingly, as organisations accelerate their spending on cloud migration and digitalisation to manage the effects of the pandemic, many may be overestimating their ability to protect their systems and their processes, thus making them vulnerable to attacks, as previously reported by OpenGov Asia.
At the same time, these problems are showing no signs of easing: supply chain threats are ramping up; the healthcare industry continues to be targeted; and efforts to shift to a remote working model are, more than ever, complicated by the actions of threat actors. Attackers have been found to be doubling down on high-value targets and weaponising the software supply chain. Adding to the challenges, cybersecurity is ranked by executives as the second-highest risk to enterprises, and attacks on critical infrastructure are rated as the fifth-highest global risk by the World Economic Forum.
A study by the government found that 66% of businesses attacked make no substantial changes to their cybersecurity measures to prevent future attacks. With criminals often only taking small amounts, the individual cost feels small, whereas the collective economic sum is huge.
Considering these existing threats, developing a strong cybersecurity culture is as essential as deploying software solutions and technologies to protect systems from breaches, as stated by an international cybercrime centre. By prioritising regular training sessions for employees on cybersecurity approaches and tools, and distributing frequent updates on the changing cybersecurity threat landscape, organisations can essentially build a human firewall to complement a digital layer of protection.
The Ministry of Foreign Affairs & Trade asserted that the country’s dependence upon cyberspace means that securing its networks, systems, programmes and data from attacks or unwanted access is of vital and increasing importance.
The Ministry also said that the country is a champion of the international rules-based order and a free, open and secure internet. The application of international law to state activity online is a critical component of the framework of responsible state behaviour in the digital space. It is essential for maintaining international peace and stability.