Recent milder DDoS cyber compared to 2020.
A recent cyberattack – which affected ANZ, Kiwibank, NZ Post, and possibly MetService – were distributed denial of service (DDoS) attacks. Such attacks were unsophisticated and the effect appears limited, according to a number of media sources. These attacks were milder compared to the cyber attacks that brought the NZ stock exchange to a halt in 2020.
The more high-profile attacks and other cyber security incidents caused nearly $US17 million of direct financial losses in New Zealand last year alone, however most organisations still see it as an ‘IT problem’.
Cyber security expert and former Air New Zealand Chief Information Security Officer (CISO) Michael Wallmannsberger told Cert NZ that everyone still looks at the IT team whenever there’s an issue, but all business leaders have a role in cyber security.
“Before an incident, nobody wants to listen to the CISO. After the incident, everyone becomes a CISO,” he said. “Often the conversation about security problems turns to who stuffed up but looking for who to blame for these systemic issues doesn’t help respond to them more effectively.
According to Wallmannsberger everyone needs to start thinking of cyber security as a capability rather than just a deliverable.
“This change in attitude is really important because the reality is the cyber security issue has been a long time in the making and is only going to get tougher with time,” he said.
There are three areas that organisations can work on to help improve their defences and engage the rest of their people more effectively and there is a need to make it everyone’s issue by managing cyber security threats and responses through a cross-functional group.
Ransomware attacks are a growing concern for organisations following the recent string of high-profile incidents across the globe.
CERT NZ has seen a significant increase in ransomware reports in the second quarter of 2021 (April to June), compared to the first quarter of the year. Reaching a total of 30 reports, this is the highest number of ransomware reports made to CERT NZ within one quarter. These figures reflect an increasing trend in ransomware attacks globally over the past 18 months.
Ransomware can cause huge disruptions to businesses including loss of income, resource, and customer trust, and recovering from an attack can be extremely costly.
Attacks of this nature are not specific to one industry, or just a concern for bigger businesses. They can affect anyone working online, whether they are an individual or an organisation.
Ransomware attacks are generally financially motivated and cyber criminals target systems that have open avenues for attack. For instance, where someone has unwittingly clicked on a link or attachment contained within a phishing email.
Ransomware is a type of malicious software that encrypts files and stops people from being able to access their files or computer system until they pay a ransom.
Attackers have also begun to steal data and information from affected systems, which they use as extortion material to further coerce organisations into paying ransoms.
Ransomware infections generally occur through avenues such as phishing campaigns or more complex compromises of vulnerable software.
The impact of ransomware varies from case to case and depends on an organisation’s security measures for their information and infrastructure.
For example, if an affected business does not have backups, it could lose the data encrypted by attackers, which could impact operations. By having a good back up strategy your business will be able to get back up and running more quickly, with the minimal amount of disruption and without giving into attackers’ demands.
CERT NZ doesn’t recommend that anyone pay ransoms. There is no guarantee that you will get your files back. Also, you’re at risk of further attacks if an attacker sees you’re willing to pay a ransom.
Ransomware, like other cyber security issues, is easier dealt with by prevention instead of cure. You can protect yourself from a ransomware attack by taking the following simple steps:
- Be aware of phishing campaigns: As phishing is a common avenue for attackers to compromise and then infect systems, knowing how to spot a phishing email or website can help stop attackers from gaining access to your systems.
- Regularly install updates on software and devices to prevent attackers from exploiting vulnerabilities which they could use to get into your systems.
- Implement two-factor authentication (2FA), which is usually a code that’s sent to your phone or an authentication app to verify your identity, in addition to using a password. It adds another layer of security to your logins.
- Back up business and customer data so if it’s lost or stolen you can recover it quickly. Backing up your data on an external hard drive or cloud service will enable you to access stolen data quickly.
- Set up logs to record when actions are taken on your website and systems, and who’s done them. You will then be notified if any unusual or unexpected activity occurs.
- Have an incident response plan because no matter how well you prepare, things sometimes go wrong. Having a step-by-step plan will help you take control of the situation if the worst were to happen and will help reduce the impact on your business.
Even with great cyber security in place, things can still get through the cracks. Make sure you have hard copies of all important documentation, like business contingency and incident response plans, in the event you’re unable to access your system.