Another week, another data breach in the news. This time it was the much maligned ride hailing app Uber that was found to have fallen victim to hackers and chose to pay them US$100,000 to delete the data and keep their mouths shut. (Hint: If you're a rider or a driver, don't forget to change that password).
With anything cyber being seen as increasingly sexy by a 24/7 global media machine, you don’t have to wait long these days to hear of another innovative hack or an attempt to quantify the impact that breaches and attacks are having on businesses.
On Thursday, as hordes of security professionals attended the inaugural BSides security conference in Wellington, my former employer, the National Cyber Security Centre (NCSC) released its latest unclassified threat report. In the reporting year from 1 July 2016 to 30 June 2017, the NCSC recorded 396 incidents in New Zealand, and took pains to note that the figures “represented only a small proportion of the amount of cyber crime happening within New Zealand.”
The report highlighted an independent evaluation of the agency’s advanced cyber threat detection and disruption capabilities – collectively dubbed CORTEX – which were found to have reduced harm by $39.47m in the 2016-17 year. The document went on to state that the potential impact of advanced cyber harm on New Zealand’s nationally significant organisations was “in the order of $640m annually.”
What stood out in the NCSC report for me was the fact that phishing remained the most common delivery mechanism targeting significant information infrastructures. This matches up with CERT NZ’s first quarterly report on incidents they handled earlier in 2017, with phishing comprising 34% of all analysed attacks.
For any business wanting to defend against cyber attacks, threat intelligence from both these bodies helps to paint a picture of the current New Zealand environment. Attack modelling allows security professionals to assess and rank the risks that their organisations may face and prioritise their resilience-building efforts across prevention, detection and recovery.
Closing the Mobile Security Gap
The modern workforce is no longer operating within a fixed perimeter on immobile beige boxes. The data and applications that staff access can be located anywhere. Tablets and smartphones now provide always-on access via any available network with an estimated 80% of Kiwis using smartphones to go online.
Security challenges can include physical loss or theft, and phishing and smishing attacks that are more effective on a small screen in the hands of a habituated link clicker. Unsecured public Wi-Fi networks can also introduce new dangers for staff operating on the road.
On 6th December, I’ll be talking about mobile device threats as part of an Origin Security and Optinet invitation-only event designed to highlight ways to protect modern endpoints. Optinet is an Origin-owned specialised enterprise security provider with an exceptional track-record and reputation since 1991. If you’re keen to hear more about the rise of mobile malware and how Optinet can help you defend your modern endpoints, drop me a line here.