Story image

Are you prepared for today's sophisticated cyber threats?

29 Sep 2015

With the threat landscape fundamentally changing, it’s more important than ever for businesses to educate their employees, according to Craig Columbus, Russell McVeagh chief information officer.

Columbus will cover this topic and join a number of other presenters at the NZTech Advance Security Summit, taking place next month.

He says, “In terms of the quality and quantity of attacks, the threat landscape is the worst I’ve ever seen it.

“The attacks I’m seeing now are very sophisticated - it worries and concerns me. There’s a belief among Kiwis that they won’t be targeted, that it’s only happening to other people, but this isn't the case."

In order manage risk, businesses need to start recognising the value and necessity of cyber security and data protection.

When the most common password used is still ‘123456’, security starts with education, says Columbus.

“Education is paramount. People don’t know what they don’t know,” he says.

Today businesses are targeted by very real attacks that are much harder to spot than spam emails or suspicious looking offerings.

For instance, some targeted attacks use cold calling to uncover specific information and unleash an attack on a specific business.

A call may be made to the accounting team, from what appears to be an accounting software specialist, and ask what accounting system the business runs as part of their pitch.

However, once the cyber criminals know what code the business is running, they can exploit and attack the business.

Recognising that the number of targeted attacks such as this is increasing drastically, Russell McVeagh launched a cyber security education programme this year.

The programme teaches employees about a variety of threats, including email scams, spear phishing and malware distribution. It also includes a section on social media.

All of this combines to give people general knowledge and best practices around cyber security, says Columbus.

Now, the programme is the first thing a new employee completes when they begin at the firm.

Furthermore, as the threat landscape is changing every day, with new exploits being discovered and developing constantly, all employees also attend regular sessions to ensure they are still following best practices, he says.

On top of this, internal newsletters are sent out to remind employees about what to do and what not to do, as well as highlight some of the latest threats and how to nullify them.

Columbus says the response to the programme has been positive across the board. While employees may begin the programme saying, ‘Why do we need this?’ they leave with a greater understanding of the necessity of cyber security and how to stop threats before they can do real damage, he says.

In fact, the programme has had a welcome side effect. Due to employees’ increased awareness of malicious attacks, they have started sending threat information to Columbus and the IT team.

“As a result of educating users, we get earlier alerts, are able to formulate an action plan quicker, and are building a threat database,” says Columbus.

Businesses have a reluctance to invest in programmes such as these, thinking that their employees have enough common sense, that they don’t have the time or the money, and it isn’t of great value - but none of these reasons hold up, he says.

“Common sense isn’t enough anymore. It may seem expensive or time consuming, but it’s been a good use of our resources – and when you think about the potential cost of an attack, the time and expense is worth it.

 “We have to change the way we approach security. Education is key and getting your people up to speed is half the battle,” says Columbus.

Taking place November 30 in Wellington, the NZTech Advance Security Summit focuses on securing our digital future in technology, and welcomes all those interested in learning more about business security.

For more information and to register today, click here.

General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
Flying high: How airline Scoot enhances the customer experience
Singapore Airlines’ low-cost arm Scoot has selected Dell Boomi’s platform help it better understand its customers – and its own business.
Chorus partners with Nlyte, expands edge data centre offerings
Chorus announced today that it is going ahead with expanding its Chorus EdgeCentre Colocation product to three sites across New Zealand.
Schneider shares advice for solving edge computing challenges
Schneider Electric has shared the findings of a new whitepaper that delves into the issues of deploying IT at the edge.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
Y Soft and Brother partner to enhance print management
YSoft SafeQ integrated print management and document capture solution is now embedded in Brother multifunction devices.
F5 acquisition of NGINX now complete
The companies have released blogs on the topic, explaining how NGINX will now operate as a unit of F5, and the benefits they expect this merger to bring.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.