COVID-19 lockdowns make New Zealand business sitting ducks for a cyberattack
Lockdowns forcing New Zealanders to work from home have cyber security experts predicting a super-spread of cyberattacks across the country.
While large companies are generally the target of cyber criminals, Wellington-based cyber security expert Samrat Choudhury warns that now anyone is fair game.
"Lockdowns are hunting season for cyber criminals," says Choudhury, chief operating officer for UNIFY Solutions.
"Microsoft has reported eight trillion attacks across its systems every day.
"Although large companies are frequently targeted, what we have noticed in previous lockdowns in New Zealand and Australia is that cyber criminals have begun to heavily target small and medium sized businesses.
Choudhury says businesses of 500 to 1000 employees and medium-sized charities that do not have sufficient security in place were in the sights of cyber criminals.
"Medium and small business don't think it will happen to them, yet statistically we know that's not true," he says.
"In fact, 66 per cent of small to medium business worldwide have experienced a cyberattack of some kind in the past year.
The average cost of a data breach to a company US$2.82 million (NZ$4.1m), according to the IBM-Ponemon Institute's Cost of a Data Breach 2021 report, an increase of more than 30 per cent on the previous year. Companies take an average of 10 months to detect and contain data breaches. For example, the data breach experienced by the Reserve Bank of New Zealand earlier this year was estimated to be around NZ$3.5 million, not including the cost of improving processes as a result of the breach.
Choudhury says cyber criminals stalk an organisation looking for weaknesses.
"They will try to find easy entries by stealing an employee's identity, testing for less sophisticated systems, look for businesses without an IT team or one that is potentially distracted with trying to help keep their remote workforce online," he says.
"They will spend days testing cyber walls looking for a way in. The worst of it is, most times an employee will unwittingly hand the robber the key to the safe.
"It is frustrating for our team to see breaches that could have been easily prevented by simply better management of employee passwords and information.
According to a recent State of Cybersecurity Report by American independent researcher Ponemon Institute, small to medium businesses worldwide have reported 68 per cent of employee passwords were lost or stolen during the past year.
The most common attacks were through phishing emails, social engineering, compromising or stealing devices and credential theft.
"A cyber criminal can slip in, look around, check what they want over time, eventually take it and slip out without anyone knowing," Choudhury says.
"As individuals, we make all sorts of information available. We download and sign into social media, click links, enter websites, we reuse passwords and user names. We don't think twice about the identity risks and breadcrumb trail we're creating to our employer's system.
Choudhury says UNIFY Solutions has developed some of the world's leading technology in Identity Security.
"We have built highly complex cyber security identification, authentication and security systems for New Zealand government departments, numerous global businesses and are a trusted innovation partner of Microsoft," he says.
"We have several confidential trials in market now for global brands referred to us by Microsoft USA.
"Unify Solutions wants to be a disruptor to the cyber security industry and make cyber security more affordable and accessible for New Zealand's small and medium businesses," Choudhury says.
"My question to business leaders is always: can you afford to have your data stolen? For businesses between 500 and 1000 employees, there are no excuses not to have a cost-effective security solution in place.