CYBER SECURITY
Big increase in cyberattacks reported by NZ businesses CERT NZ’s latest report, released in late March, shows a 65 percent increase in reports of cyber security incidents over the past year, with $16.9 million in direct financial losses.
In 2020 CERT NZ, the government agency that supports organisations and individuals affected by cyber security incidents, received 7,809 reports of cyber security incidents affecting New Zealanders, a significant uplift from the 4,740 reports made in 2019. “More Kiwis spent time online last year due to the impacts of COVID-19, presenting many opportunities for cyber attackers,” says CERT NZ Director, Rob Pope. Phishing and credential harvesting, where an attacker collects personal data to perform an array of online crimes like fraud, was the most reported form of attack during 2020. These types of incidents were up 76 percent on 2019, accounting for 41 percent of all reports made. “Unfortunately, these figures are not surprising. Cyber attackers are opportunistic and use anything topical as a hook to try and trick people into sharing personal or financial details,” says Mr Pope. The amount of money Kiwis are losing to cyber security incidents is also on the rise. In 2020, cyber security incidents left New Zealanders $16.9 million dollars out of pocket, the highest annual figure recorded by CERT NZ since it launched in 2017. In total, $53 million dollars of direct financial loss has been reported to CERT NZ since reporting began. “Most cyberattacks are financially motivated. However, our figures do
46
NZSM
not paint the full picture of the types of loss Kiwis have experienced,” says Mr Pope. CERT NZ figures show 14 percent of cyber security incidents reported in 2020 were associated with some type of loss including financial, operational, reputational or data. “From a financial perspective, the impacts of a cyberattack can snowball. A business may lose revenue because its website has gone down, meaning it’s unable to trade online. This greatly impacts individuals’ livelihoods and therefore has a knock-on effect on the economy. “Businesses also incur additional costs recovering from a cyber incident, like hiring IT professionals to mitigate any further security issues, which can take months or even years to fully restore. This can result in loss of customer trust. “For an individual, there can be serious ramifications if their
personal data has been stolen and used to conduct online fraud. As well as having to obtain new personal identification documents, they could experience a detrimental effect on their credit rating making it difficult to secure a mortgage or financial loan. “While the effects of a cyber security incident can be devastating, it may have been possible to avoid these significant losses by taking some simple steps. “This includes taking measures like good password practice, implementing two-factor authentication as an extra layer of security on logins, making sure software on devices are up-todate, regularly backing up data, and thinking about how and where you share personal information.” If you or your organisation experiences a cyber security incident contact CERT NZ at www.cert.govt. nz or call 0800 CERT NZ, Monday to Friday, 7am – 7pm.
April/May 2021
