"New Zealand businesses are vulnerable to increasingly sophisticated breaches of their cybersecurity. But there are tricks and tools to help keep your company’s data safe."
Security research commissioned by Vodafone and Dr Ryan Ko, Head of Cyber Security Lab at the University of Waikato, revealed some worrying figures; more than half (56%) of the 500 NZ businesses surveyed claim to be attacked at least once a year.
When you consider the many forms these security breaches can take – from virus and malware threats, through to data loss due to hardware failures and loss of IT assets – it becomes apparent that security is a complex issue.
The reality is, cybercrime is getting smarter and serious attacks more prolific. Which means getting ready to invest in advanced security measures should be as basic a business decision as locking up when you go home at night.
How secure are New Zealand businesses really?
Many New Zealand businesses have substandard security measures at best. Only 38% are prepared for social engineering attacks, and only half of the businesses surveyed had an IT security policy in place. A quarter of businesses (26%) are not even aware of the more malicious APTs (Advanced Persistent Threats).
The research also revealed that New Zealand’s primary industries such as construction, trades services, agriculture, forestry and fisheries have the poorest understanding of cyber security threats and are the least prepared. This is a great concern given the high importance of these industries to the New Zealand economy. Worse still, six in ten companies surveyed say they will not be increasing IT security measures in the next 12 months. Vodafone’s Head of Security, Colin James, believes this is a clear indication that New Zealand businesses don’t realise how open to attack they are.
“Adequate business data protection is your first line of defence against both cybercriminals and accidental data loss, and is one place the kiwi ‘She’ll be right’ attitude does not belong,” he says.
Security threats are becoming more sophisticated
In September this year, a Japan Airlines breach saw malware installed on 23 company computers, exposing the personal data of 750,000 people. In the same month, more than 90 of JP Morgan Chase’s servers were affected, giving hackers the ability to view information on a million customer accounts.
These attacks are representative of a growing trend of Advanced Persistent Threats (APTs), which are very hard to protect against. Social engineering and profiling of employees now target human nature, increasing the risk of hackers gaining access to valuable intellectual property or financial assets via phishing emails, cold calling and brute-force (trying different passwords to enter a system).
Threats are complex, sinister and sophisticated. Some of our key industries are under threat and unaware of how attacks might destabilise their organisations. And cyber criminals aren’t going to let up.
BYOD and developing a security strategy
Times are changing and there has been a huge global shift to mobilising the workforce — enabling employees the flexibility to work where they want, when they want and from any device. Businesses that want to embrace this new way of working need to consider the implications of Bring Your Own Device (BYOD) and smarten up security measures.
It’s important that businesses realise that company data no longer lives within the walls of the organisation.
The good news is there’s nothing stopping people from bringing their devices to work or working from outside the office if the right security tools are in place. Mobile device management is currently the biggest growth area as businesses invest in tools that will protect both data and devices while giving employees the flexibility they need.
“The more you mobilise your employees, the more data you store in the cloud – the bigger the responsibility to ensure information is really secure. Policies such as central device management, securing devices, secure connection to the network, and the ability to lock and wipe devices remotely are now essential,” says James.
Are you ready to protect your business?
Protecting your business from security threats doesn’t have to be complicated. It starts with small things like implementing a secure password policy for company devices, preparing staff for social engineering attacks, doing regular backups in case of ransomware threats, or advising your people about the hazards of using public WiFi. The key is to be prepared and ensure business continuity.
“Sticking your head in the sand and saying ‘nothing bad is going to happen’ is not a security policy. Unfortunately, security breaches are a reality and in some cases can even go unnoticed. Accepting that there are risks is essential to moving forward,” says James. “Potentially, your business will need to face a serious threat – so what are you going to do to protect it?”
Find out more