cfo-nz logo
Story image

Study: Business has never been better for cybercriminals

More than a third of New Zealand businesses have experienced a cyber attack in the past 12 months, a 10% increase on the year before, according to new research from Aura Information Security. 

The research shows Kiwi businesses believe the situation is only going to get worse, with 42% expecting their company to fall victim to a cyber-attack in the year ahead. 

Aura Information Security polled 360 IT decision makers on their experiences of cyber issues in their business, ranging from SMEs to large corporates, right across New Zealand.

Aura Information Security general manager, Peter Bailey says business has never been better for cybercriminals.

“Sadly, cybercrime does pay – and it pays well. Hackers have an ever-expanding skillset and it’s getting easier for them to find weaknesses in business networks and staff emails that allows them to gain access to large quantities of personal and financial data,' he explains.

Bailey says the prevalence of advanced ransomware is funding hackers across the world, and it highlights the value of data. While almost 40% of respondents would not pay a ransom, 20% of Kiwi businesses said they would be prepared to hand over between $10,000 and $20,000 to regain access to their data if it was locked or stolen. Almost one in 10 businesses would fork out more than $50,000 if faced with a ransomware attack.

“Intelligent automation means most attacks these days start with little human involvement. These probes run around the clock and only alert the hacker once a weakness is identified. That makes cyber-attacks highly efficient, as the hacker only need focus on ‘qualified leads’, when their malware has already made its way into your systems,” says Bailey. 

With the increase in automated malware, there should also be an increase in businesses undertaking regular penetration testing, notes Bailey. 

"Unfortunately, this isn’t the case, with less than half of Kiwi businesses undergoing system penetration testing in the last year," he says.

“Penetration testing is vital to ensuring secure systems. It allows businesses to patch holes in weak areas and help to prevent hackers from gaining access. Without that, your business can be open to a security breach.”

Bailey confirms the threat of a breach is always present.

“Cybercrime is a constant fact of our modern life. Your technology is being probed all the time and you may very well experience an attack. All it takes is a moment’s inattention, a single unsecured machine or uninformed employee, and even the best of defences can be compromised," says Bailey.

“Cyber security is only as strong as the weakest link, but with the majority of organisations not understanding current password best practice, we’re not off to a great start.”

Bailey says Privacy Bill updates will take some businesses by surprise.

He says he was surprised to find that only half of Kiwi businesses are aware of the impending Privacy Bill changes on mandatory data breach notification.

“This is an alarming statistic considering 20 percent of businesses are not prepared to notify customers in the event of a security breach, despite the fact they will soon be legally required to do so. What’s even more concerning is this number is up from 17% in 2018," says Bailey.

“Another worry is that almost a third of New Zealand businesses are not assessing the impact a significant breach would have on their organisation. Not only are these organisations putting their head in the sand, they could also face some hefty fines if they are introduced as part of the changes to the Privacy Bill,” he explains.

More than half of respondents said the prospect of large legal fines would lead them to review their cyber security protocols.

“With the implementation of similar legislation in Europe and Australia over the past few years, we are just starting to see the positive impact this can have. As the proposed fine regimes for New Zealand are significantly lower compared to other countries, it will be a waiting game to see whether this change has a significant impact or is enough of a deterrent for businesses," Bailey says.

“When it’s all said and done, money talks. I’d love to see the introduction of fines be included in the Privacy Bill updates in 2020."

The report also revealed an unfounded sense of trust in cloud storage. Three in five businesses store data in the cloud, and 55 percent of businesses trust the person who built or administered their cloud environment did so securely.

“So many businesses have embraced cloud data storage, believing that placing their data in the cloud takes away all of their responsibility for security, when in reality this couldn’t be further from the truth,” explains Bailey.

“It is important businesses understand the joint role necessary to ensure data is secure. The cloud doesn’t automatically mean your data is safe, and businesses still need their own data security policies in place. Never place all your trust in the cloud," he says.

Bailey says he is encouraged that more businesses are taking cybercrime seriously.

“It used to be that cyber security was only a job for the IT department, not something for senior executives to put on the agenda. I’m pleased to see more than 90 percent of respondents say their Board or senior management is now engaged in cyber security, and two thirds say senior management see cyber security as a key concern or risk.”

The fact that 70% of respondents to Aura Information Security’s survey expect cyber-attacks to become more frequent and more sophisticated is a sign that organisations are beginning to understand the growing threat, Bailey says.

“Businesses recognise the dangers and now they must prepare for them. They should actively seek the weak points in their system with regular penetration testing so they can patch things up before hackers get a chance to attack.

“It’s also important to prepare for the worst. Assess the impact a data breach would have on the business and be sure to have a response plan in place, so you know what to do if your network is compromised,” he says.

Story image
Cloud migration needs to be an urgent priority for enterprises
There’s a strong sense of urgency for companies to move away from archaic and costly systems and towards establishing a clear plan for cloud migration and digital transformation before the year is out.  More
Link image
Zendesk Showcase: A CX event for these topsy-turvy times
The world is in uncharted territory – there is no blueprint for doing business right now. Each day brings new challenges. Join business leaders to share your thoughts and learn how to thrive in the face of adversity.More
Story image
Value of quantum computing uncertain for at least 10 years - research
"Quantum computing is not currently providing business value that could not be achieved with today's existing computers, and it is not clear when it will."More
Story image
Modern applications helping organisations succeed during pandemic
"For years now, businesses have been on a mission to digitally transform themselves and their operations. This year's global pandemic served as a barometer for the true state of that digital transformation."More
Story image
CareAR integrates AR support solution with ServiceNow
CareAR is an augmented reality visual support platform that helps enterprises add AR capabilities to their service experience.More
Link image
A great ERP tool achieves a lot for your customers & financials
NetSuite’s cloud native SRP is not a project management tool that talks to your finance system. It's end-to-end project management capability for service professionals, integrated with NetSuite's full ERP solution. More