Story image

FintechNZ: Most NZ companies don't report cyber incidents

15 Jul 2019

Despite the 992 incidents that New Zealand businesses and individuals reported to CERT NZ between January and March this year, it’s likely that the true number of cyber attacks and incidents is much higher.

FintechNZ general manager James Brown says it’s encouraging to see that so many incidents are being reported, however the bigger question is how many are not being reported.

He says that barely 6% of New Zealand companies have adequate protection. 

“We also know that there are some fundamental basics that a company can put in place with no or minimal cost. People and staff still pose a great risk, so cybersecurity issues need to be high on the management agenda.”

90% of New Zealand businesses operate as a small or medium business, which raises another important question: If more incidents occurred, how would that impact New Zealand’s economy?

“We know that cyber incidents cost New Zealand about $1.7 million in the last quarter and phishing made up 45% of all incidents reported. But that's only the ones that have been recorded. Not every business wants to advertise they have been hacked for obvious reasons.”

He says that businesses can take small steps to minimise the impact of a cyber attack.

Some basic actions should be put in place straight away. Companies should install, use and regularly update antivirus and anti-spyware software on every business computer, and keep that software updated.

They should also use a firewall for their internet connection and make backup copies of important business data and information and back up often, he says.

“Businesses must control physical access to their computers and network components and secure their WiFi networks.  Companies should make sure their employees only have access to the data they work with and they should all regularly change passwords,” says Brown.

CERT NZ also says that the most common accounts targeted in cyber incident include cloud services, email, online banking, and social media.

“It’s easy to trust our email and other online accounts, assuming that a password will be enough to keep us protected,” adds CERT NZ director Rob Pope.

He says that attackers rely on that trust and exploit it to access accounts.

“One simple step people can take to protect their online accounts is to set-up two-factor authentication (2FA). Adding 2FA to your login process is a simple way of adding an extra layer of security to your accounts.”