The Government Communications Security Bureau (GCSB) has warned New Zealand businesses to improve their cyber security measures to protect themselves from increasing interference by foreign states.
The GCSB, which worked on approximately 340 cyber incidents last year, confirmed that hackers have been targeting several sectors of the economy – including major exporters, holders of crucial intellectual property, and operators of critical infrastructure.
“They’re the ones who we would say are most susceptible to those complex, persistent, state-sponsored type actors,” Andrew Hampton, director-general of the GCSB, told RNZ. “Some of it is directly targeting those organisations ... sometimes, unfortunately, we see actors seeking to use New Zealand infrastructure so they can attack someone else.”
The GCSB’s 2018 study revealed that only a few businesses were taking information security risks seriously while some were not even recognising the risk at a board or executive level.
Fewer than one in five of the 250 organisations surveyed by the bureau had a dedicated executive to deal with information security. At the same time, more than 40% were barely confident that they would be aware if someone hacked their systems.
“Organisations are now in the process of implementing this [advice], and it still waits to be seen the extent to which they’ve done that,” Hampton said – highlighting that “basic cyber hygiene” would go a long way to protecting many businesses.
“The more those organisations can do – on those basics around passwords, around access, around keeping their patches up to date ... the more we [the GCSB] will be able to focus on those high-end threats,” Hampton concluded.