IT Brief New Zealand logo
Technology news for New Zealand's largest enterprises
Story image

Coping with increasing cybersecurity challenges (from the good side and the bad!)

By Contributor
Wed 12 Jan 2022

Article by Varonis VP of APAC, Scott Leach.

Let’s spare a thought for cybersecurity professionals as we look into our crystal ball to see what 2022 holds. They’ll be under increasing pressure from the ‘bad guys’ and the ‘good guys’ as well. No matter what industry these professionals work in, it will become more challenging to secure data and maintain compliance with government regulations.

It should come as no surprise that the volume and sophistication of attacks will increase — this trend has been accelerating for years. But more effort will be needed to maintain regulatory compliance. Forthcoming legislative changes, such as the mandatory disclosure of ransomware payments, will see many organisations struggle to maintain compliance with evolving government regulations.

And organisations will find it tougher to obtain the protection and peace of mind that comes from cyberthreat insurance. Faced with the increasing size and proliferation of ransomware payments, insurers will get tougher, and cover will become more expensive, making it financially unviable for many organisations. Here are some more details on what we can expect in 2022.

Ransomware costs will ramp up

The 2020-21 financial year saw more Australian organisations suffer ransomware attacks than ever before, with the ACSC recording a 15% per cent increase in ransomware reports from the previous financial year. Ransomware and other cyber-attacks cost the Australian economy around $3.5 billion a year. A magnitude increase in that figure should be expected in 2022.

Australian organisations are the most willing in the world to pay a ransom if hit by an attack, according to a report by analyst firm IDC. The report notes that 60 per cent of Australian companies are willing to pay a ransom, compared to 49 per cent for both the second and third most likely countries, Brazil and Singapore, respectively. Most recently, JBS foods paid a $14.1 million ransom demanded following an attack. 

Use of deepfakes and AI by cybercriminals will ramp up

In October, Forbes reported how an elaborate exercise in cyber deception could have stolen as much as $US35m from a Hong Kong-based bank. A key feature of the scam was a deep fake voice - hackers cloned the voice of a familiar company director. They sent this to the bank manager, alongside some very convincing emails to legitimise the phone call. 

Forbes said the incident had occurred in early 2020 and was “only the second known case of fraudsters allegedly using voice-shaping tools to carry out a heist.” Unfortunately, it won’t be the last. And these deceptions will increase in sophistication as scammers hone their skills and as deep fake technology evolves.

Many will go without cyber insurance

Insurers are placing increasingly stringent contractual obligations on organisations seeking cybersecurity insurance, particularly those that have previously fallen victim to attack. The result will be one or other party walking away from cyber insurance contracts. For insurers, the risks might be too high. For organisations, the costs of insurance premiums will be too high, or the requirements too onerous.

Organisations with existing policies can expect to face more scrutiny and audits by insurance providers to demonstrate they have the proper cyber controls and cyber hygiene measures in place.

In January 2021 the Harvard Business Review reported: “While companies might look to cyber insurance to protect themselves from … growing [cyber] risks, there’s another problem: there might just not be enough money in the still emerging sector to cover their needs.” It suggested they would need to seek alternative, innovative protection measures.

Regulation will get tougher

The newly-introduced Security Legislation Amendment (Critical Infrastructure) Bill 2021 has not only expanded the definition of critical infrastructure but also imposed much more stringent cybersecurity requirements on organisations within this category. As a result, organisations in sectors such as food and grocery, higher education and water and sewerage, which were never considered to be critical infrastructure before, now have a massive range of new regulations imposed on them. Many of these organisations will be critically underprepared for this and struggle to meet new compliance measures, leading to more fines and other penalties. 

Supply chain attacks will continue to increase

This will be one of the biggest cybersecurity issues in 2022 and a tough one to counter. The European Union Agency for Cybersecurity (ENISA) predicted in July that the number of supply chain attacks in 2021 would be four times greater than the number in 2020.

ENISA analysed 24 attacks and concluded, “strong security protection is no longer enough for organisations when attackers have already shifted their attention to suppliers.”

To function effectively, supply chains rely on the exchange of data (often highly-sensitive in nature) by various links throughout the chain: a compromise of just one link can easily become a compromise of many.

We expect organisations in supply chains, especially the lead members, to start requiring details of partners’ security measures and demanding audits. These requirements could even extend to parties one step removed from the chain.

Some good news

The good news for cybersecurity professionals confronted by all these challenges is that unemployment is unlikely to be one of them: their skills will be in high and growing demand for the foreseeable future.

(ICS)2’s Cybersecurity Workforce Study 2021 reported that the number of cybersecurity workers in Australia had grown from 107,000 in 2019 to 135,000 in 2021 and said an additional 25,000 were needed to sustain its growth in 2022 and beyond.

Related stories
Top stories
Story image
Cloudera
Overcoming hybrid and multi-cloud challenges to drive innovation
Driven by improvements in technology, financial services companies have advanced both internal and external systems and processes, with the likes of digitisation, personalisation and risk management redefining the industry.
Story image
Digital Transformation
Stax and Consegna partner to accelerate modernisation
According to a statement, the new alliance will help both companies expand their reach across the region and realise joint goals.
Story image
Gartner
Gartner's top recommendations for security leaders
"Leaders now recognise that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, philosophy, program and architecture.”
Story image
Trend Micro
5G network projects driven by improving security and privacy
Trend Micro's new study reveals the prospect of improved security and privacy capabilities are the main motivations behind private 5G wireless network projects.
Story image
Internet of Things
Domino's Pizza: A blueprint for secure enterprise IoT deployment
Increasingly, organisations are embracing smart technologies to underpin innovations that can enhance safety and productivity in every part of our lives, from industrial systems, utilities, and building management to various forms of business enablement.
Story image
Microsoft
TO THE NEW unveils A/NZ Managed Services for Microsoft Azure
TO THE NEW has released Managed Services for Microsoft Azure to meet the growing demand in the A/NZ market and globally.
Story image
Internet of Things
Global 5G subscriptions to top one billion by the end of 2022
Global 5G subscriptions are predicted to pass the one billion milestone by the end of 2022, according to a new report.
Story image
Sustainability
Honeywell launches new carbon energy management software for buildings
The new Carbon & Energy Management service allows building owners to track and optimise energy performance against carbon reduction goals, down to a device or asset level.
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Story image
Microsoft
Volpara, Microsoft project to detect cardiovascular issues
Volpara Health Technologies is working with Microsoft on a research and development project to speed up creating a product that detects and quantifies breast arterial calcifications (BACs).
Story image
Government
Cyclone selected as NZ MOE software licensing partner
Following a recent Request for Proposal (RFP), Christchurch-based company Cyclone Computer Company Ltd (Cyclone) has been selected as The Ministry of Education’s software licensing partner.
Story image
Infrastructure
VMware wins Google Cloud partner award for infrastructure modernisation
The cloud computing and virtualisation company was recognised for its achievements as part of the Google Cloud ecosystem.
Story image
Manufacturing
Sternum joins NXP, collaborates on IoT security and observability
Sternum has announced it has joined the software partner community of NXP Semiconductors, a manufacturer of and large marketplace for embedded controllers.
Story image
Cybersecurity
Significant security concerns resulting from open source software ubiquity
"The risk is real, and the industry must work closely together in order to move away from poor open source or software supply chain security practices."
Story image
Shouta
The rise of digital gifting in the workplace
The name itself does most of the explaining; it’s a gift you receive virtually. But a misconception about digital gifts is that they need to be redeemed virtually as well. 
Story image
API
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
Digital Transformation
Cybersecurity priorities for digital leaders navigating digital transformation
In recent years, Asia-Pacific has especially been a hotspot for cyberattacks, and as we continue into 2022, it’s evident that the problem is becoming more significant.
Story image
PagerDuty
Ready for anything with the PagerDuty Operations Cloud
In a world of digital everything, teams face increasing complexity. Ever-growing dependencies across systems and processes put customer and employee experience, not to mention revenue, at risk.
Story image
Cybersecurity
The link between cybersecurity, extremist threat and misinformation online in Aotearoa
Long story short, it's often the case that misinformation, threat and extremism link closely to cybersecurity issues and cyber harm.
Story image
Cybersecurity
Why is NZ lagging behind the world in cybersecurity?
A recent report by TUANZ has revealed that we are ranked 56th in the world when it comes to cybersecurity - a look into why we're so behind and what needs to be done.
Story image
Tech job moves
Tech job moves - ActiveCampaign, Arcserve, LogRhythm & Qlik
We round up all job appointments from June 17-22, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Collaboration
IT and security team collaboration crucial to data security
Many IT and security decision makers are not collaborating as effectively as possible to address growing cyber threats.
Story image
Market growth
Salesforce unveils new offerings for consumer goods companies
Salesforce has announced new products for consumer goods companies to help brands navigate increasing market complexity more easily.
Story image
trust
Consumers want personalisation, but don't trust brands with their data
Customers expect personalisation during every brand interaction but they don't trust brands to keep their personal data secure and to use it responsibly. 
Story image
Talend
Forrester names Talend Leader in enterprise data fabric
Forrester has named Talend a leader among enterprise data fabric providers in the Forrester Wave: Enterprise Data Fabric, Q2 2022 report.
Story image
Secure access service edge / SASE
Cloudflare adds new capabilities to zero trust SASE platform
New features for Cloudflare One include email security protection, data loss prevention tools, cloud access security broker, and private network discovery.
Story image
F5 Networks
Telstra, F5 team up to bolster services and solutions
“This partnership demonstrates our ongoing investment into APAC as we continue delivering high value services and solutions to our partners and customers."
Story image
Hybrid workforce
Why hybrid working is here to stay and how to ace it
Citrix's new report reveals hybrid workers are more productive and engaged at work than their office and completely remote counterparts.
Story image
Phishing
Online identity theft is rising in NZ - here’s what to do about it
It may start with a few stolen details online, but it could end with thousands of dollars missing or worse, a reputation down the drain.
Story image
Testing
Video: 10 Minute IT Jams - An update from Tricentis
Tricentis provides software testing automation, and software quality assurance products for enterprise software.
Story image
Cybersecurity
Threat actors ramp up their social engineering attacks
As people get better at identifying potential threats in their inbox, threat actors must evolve their methods. Their new M.O? Social engineering.
Story image
Contact Centre
Customer service agents don't want to return to contact centres
A new report has revealed that 85% of customer service agents want to work full-time at home and not return to contact centre offices.
Story image
Infrastructure
Global investment in data centers more than doubled in 2021
DLA Piper's latest global survey finds the total investment in data center infrastructure worldwide rose from USD $24.4 billion in 2020 to USD $53.8 billion in 2021.
Story image
B2B
Corpay partners with supply chain platform PracBiz Exchange
Corpay's new partnership with PracBiz’s allows more than 4000 B2B suppliers on the latter's platform to use Corpay's global payments services.
Story image
Cloud
Cloudflare outage in 19 data centers worldwide due to own error
Cloudflare says its outage for 19 of its data centers yesterday was because of a change in a long-running project to increase resilience in its busiest locations.
Story image
DNS
DigiCert acquires DNS Made Easy and affiliated brands
Greg Clark comments, says, "This combination enhances the security of certificate validation and enables the automation of future validations."
Story image
Microsoft
SMX partnership with Microsoft leads to NTT recognition
SMX has captured the attention of NTT after receiving positive reviews from businesses across Australasia and beyond for its email security.
Story image
Commerce Commission
ComCom puts electronics sector on notice over resale price maintenance
The Commerce Commission has concluded an investigation into allegations that television manufacturers were engaging in illegal resale price maintenance.
Story image
Amazon Web Services / AWS
Zscaler, AWS accelerate onramp to the cloud with zero trust
Zscaler has announced an extension to its relationship with Amazon Web Services, as well as innovations built on Zscaler's Zero Trust architecture.
Story image
Cybersecurity
Aqua Security, CIS create software supply chain security guide
Aqua Securityand the Center for Internet Security have together released the industry’s first formal guidelines for software supply chain security.
Story image
Dark web
Cybercrime in Aotearoa: How does New Zealand law define it?
‘Cybercrime’ is a term we hear all the time, but what exactly is it, and how does New Zealand define it in legal terms?
Story image
Citrix
The best ways to attract young talent during labour shortages
New research from Citrix reveals hybrid working and ventures into the metaverse are top of mind for Gen Z workers.
Story image
Entelar
How TruSens air purifiers can create healthier workspaces
The pandemic has heightened our awareness of our own and others’ health, and made us all much more conscious of the environments we work in.
Story image
Training
Employers look to hire inexperienced coders due to skills shortage
"Even inexperienced workers without prior qualifications or experience had managed to pivot to new roles in coding as long as they are willing to upskill."