peterzayda - stock.adobe.com
New Zealand’s geographical remoteness has traditionally kept hackers at bay, but the country’s growing digital economy is opening it up to more cyber attacks.
According to the country’s National Cyber Security Centre (NCSC), 347 cyber security incidents were reported between 1 July 2017 and 30 June 2018.
Out of those, 134 incidents – or 39% of the total – contained indicators that had been linked to known state-sponsored threat actors. This was up nearly 10% from the 122 state-sponsored-linked incidents recorded in the previous year.
In its annual cyber security report, the NCSC, part of the Government Communications Security Bureau (GCSB), said there had been a shift in New Zealand’s cyber threat landscape, with growing avenues for cyber threats and changes in actor behaviour.
However, this was offset by the NCSC’s increased ability to disrupt threats at an early stage. The vast majority of recorded incidents were detected at, or before, an actor’s first attempt to compromise an organisation, minimising the harm to New Zealand organisations.
The NCSC said it had reduced potential losses of about NZ$27m through its so-called Cortex capabilities, which were developed to counter threats to critical infrastructure. It claimed that since 2016, it had reduced an estimated total of NZ$67m in harm to New Zealand organisations.
Separately, the NCSC linked a long-running cyber threat campaign aimed at stealing the intellectual property and commercial data of a number of global managed service providers – including some that operate in New Zealand – to China’s ministry of state security.
“This activity is counter to the commitment that all APEC [Asia-Pacific Economic Cooperation] economies, including China, made in November 2016,” said Andrew Hampton, director-general of the GCSB.
Read more about cyber security in ANZ
- The average value of fraudulent credit card transactions is more than double that of valid purchases in ANZ, underscoring the need for consumers to remain vigilant about credit card security.
- A McAfee executive attributes Australia’s poor cloud security record to the lack of data protection measures amid “new and confusing” cloud configurations.
- New Zealand is testing the resilience of its critical infrastructure in an exercise that brings together multiple agencies to protect assets of national significance
- In the first full quarter since Australia’s mandatory breach disclosure scheme came into effect, healthcare providers reported the most data breaches amid controversy over the national health record system.
“APEC economies agreed that they should not conduct or support ICT-enabled theft of intellectual property or other confidential business information for commercial advantage. New Zealand is committed to upholding the rules-based international order, and today joins like-minded partners in expressing that such cyber campaigns are unacceptable.”
Hampton said the GCSB had been aware of this campaign in early 2017 and had advised New Zealand organisations to take steps to protect their networks. It had also engaged with New Zealand subsidiaries of the targeted managed service providers to assist in their response.
“The GCSB has worked through a robust attribution process in relation to this campaign,” he said. “New Zealand attributes cyber incidents where it is in the national interest to do so. Our approach today is consistent with GCSB’s previous attributions of cyber activity.”