IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
What NZ can learn from the Baltimore cyberattack
Tue, 21st May 2019
FYI, this story is more than a year old

New Zealand can take lessons from Baltimore in the United States which until a few days ago, was offline following a ransomware cyberattack for more than a week, FintechNZ general manager James Brown says.

“What would the economic impact be if Auckland, Wellington or Christchurch went offline? It would probably run into billions of dollars.

“How would we react in New Zealand? Baltimore's government rushed to take down most computer servers on May 7 after its network was hit by ransomware. Functions like 911 weren't affected but after eight days, online payments, billing systems and email were still down.

“No property transactions were conducted in the week following the attack, exasperating home sellers and real estate professionals in the city of more than 600,000. Most major title insurance companies prohibited their agents from issuing policies for properties in Baltimore,” Brown says.

The latest Baltimore attack comes just over a year after another ransomware attack slammed Baltimore's 911 dispatch system, prompting a worrisome 17-hour shutdown of automated emergency dispatching.

In the attack last week, the hackers demanded 13 Bitcoins (about $92,000) by last Friday. Agents with the FBI's cyber squad are helping city technology employees try to determine the source and extent of the cyber attack.

Brown says small steps can be taken to minimise the impact of a cyber attack in New Zealand.

“Some basic actions should be put in place straight away. Companies should install, use and regularly update antivirus and antispyware software on every computer used in their business and keep it updated.

“They should use a firewall for their internet connection and make backup copies of important business data and information – and back up often.

“Businesses must control physical access to their computers and network components and secure their Wi-Fi networks. Companies should make sure their employees only have access to the data they work with and they should all regularly change passwords.

“According to the Kaspersky Lab, the average annual cost of cyber attacks to small and medium-sized businesses was more than $US200,000 in 2014.

“Most small businesses don't have that kind of money lying around and, as a result, nearly 60 per cent of the small businesses victimised by a cyber attack in the US close permanently within six months of the attack.

Many of these businesses put off making necessary improvements to their cybersecurity protocols until it was too late because they feared the costs would be prohibitive, Brown says.