Reported cybersecurity incidents have reached a record high, according to Cert NZ’s latest quarterly report.
From July 1 to September 30, the cybersecurity agency received more than 2600 incident reports from individuals and businesses; the highest number to date and a 33 per cent increase on the second quarter. The reported, direct financial loss was at $6.4m (the average quarterly loss, based on 14 quarters, was $3.6m.)
Attacks circulated by email were among the most commonly reported incidents. In particular, a variation of malicious software, or malware, called Emotet, which is spread through email links or attachments, was responsible for a 34 per cent increase in malware reports on the previous quarter.
In a statement, Cert NZ’s director Rob Pope said the figures weren’t surprising given the recent spate of distributed denial of service (DDoS) attacks, ransomware and online scams.
* What can NZ organisations learn from the recent cyber attacks?
* Give yourself an online privacy and security check-up
* The Detail: Creepy or helpful? The pros and cons of data collection
In September, a wave of cyberattacks exposed worrying vulnerabilities in some of New Zealand’s key institutions. Most notably, for six days, the nation’s stock exchange – where tens of millions of dollars in shares are traded each working day – was laid low by the attacks.
Most of the DDoS attacks were volumetric attacks, meaning they worked by overloading websites with more traffic than they’re able to manage.
“These incidents serve as a wakeup call for Kiwis to tighten up their online security,” Pope said.
He encouraged New Zealanders to update their operating systems and software, ensure they use long, strong and unique passwords, and install antivirus software.
Of the reported incidents which provided a financial loss value, 13 were over $100,000.
Five involved the unauthorised transfer of money as a result of businesses having their email accounts compromised. Two related to “a new job or business opportunity” and the remaining related to scams including cryptocurrency, investment, fake lottery or prizes, and romance scams.
The finance and insurance sector accounted for 60 per cent of reports about incidents affecting organisations.
Holiday season warnings
Security experts are warning shoppers to keep an eye out for holiday season scams.
The Domain Name Commission along with InternetNZ built a fake webshop to help Kiwis spot signs of dodgy e-commerce.
The site warns, if a discount seems too good to be true, then it probably is. A quick web search along with the terms “scam” or “review” will often go a long way towards alleviating, or reaffirming, concerns.
Changes to the Privacy Act
The country’s new Privacy Act comes into effect on December 1, 2020.
Changes include the introduction of a privacy breach notification regime. This means if an organisation experiences a data breach where private information is lost or stolen, and believes the breach could result in serious harm, it’s required to notify the Office of the Privacy Commissioner and affected individuals as soon as possible.