IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Exclusive: Aura sheds insights on the state of cybersecurity in NZ
Wed, 6th Mar 2024

In the ever-evolving domain of cybersecurity, businesses and organisations across the globe are facing mounting challenges to safeguard their operations from increasingly sophisticated cyber threats. In an exclusive interview, Alastair Miller, Principal Consultant at Aura Information Security, shed light on the current state of cybersecurity in New Zealand and offered invaluable insights into how businesses can navigate these turbulent waters.

Aura Information Security, a prominent player in the cybersecurity arena, delivers a dual approach to safeguarding digital landscapes. "We have two main streams," Miller explains, "the penetration tests stream, where we operate in an ethical hacker manner to identify system vulnerabilities before real attackers do, and the governance, risk, compliance, and security architecture side, which focuses on how security is governed, risks assessed, and systems designed."

Founded in 2007 and later becoming part of Kordia in 2015, Aura has grown to employ 40 specialists, offering their expertise primarily in Australia and New Zealand, though their reach extends globally due to their international clientele.

Miller highlights the cybersecurity landscape in New Zealand as "constantly changing, with attacks growing in scale and causing significant financial and operational damages." Recent examples, such as the operational shutdowns experienced by Auckland Transport, underline the severity and immediate impact these cyberattacks can have on essential services and business operations. "The incentive to pay a ransom becomes massive," Miller points out, emphasising the shift towards attacks that disrupt operations entirely, a trend that is only gaining momentum.

Global cybersecurity challenges mirror those faced locally, with geopolitical tensions and international cybercrime efforts impacting businesses worldwide. Miller notes the resilience of cybercrime organisations, which continue to operate and adapt despite efforts to dismantle them. "These organisations are quite resilient," he says, highlighting the difficulties in combating cybercrime on an international scale.

Artificial intelligence (AI) has emerged as a double-edged sword in the realm of cybersecurity. While AI can significantly enhance social engineering attacks through convincing fake communications, its defensive applications are still in their infancy. "Attackers are utilising AI to craft a variety of attacks, but on the defensive side, there is still uncertainty about how AI can be effectively used to counteract these threats," Miller observes. This imbalance gives attackers an edge, allowing them to experiment with AI in ways that defenders are yet to match fully.

When advising customers on mitigating cyber risks, Miller emphasises the importance of conducting thorough risk assessments. Surprisingly, many organisations have not adopted this critical practice. "Starting that culture of doing risk assessments," he says, "is crucial before even considering which controls might mitigate identified risks." This proactive approach marks a significant shift from the historically reactive stance many organisations have taken towards cybersecurity. 

The COVID-19 pandemic and the resultant shift to hybrid work environments have introduced new challenges and opportunities in cybersecurity. "COVID really helped people test their business continuity plans," Miller states, acknowledging the pandemic's role in encouraging organisations to think about secure remote work practices. However, this shift has also introduced additional security risks, with increased access points and the need for robust policies to prevent misuse of work devices by family members.

Aura serves a wide range of clients, from small businesses to large enterprises across various industries, without specialising in a specific market size or vertical. A key challenge Aura helps its clients overcome is elevating the importance of cybersecurity to the board level. "The culture comes from the top," Miller asserts, highlighting the critical role of executive buy-in for effective cybersecurity governance.

Miller's insights offer a comprehensive overview of the cybersecurity challenges and considerations businesses face today. With the landscape evolving rapidly, the need for robust, proactive security measures and the importance of executive engagement in cybersecurity has never been more critical.