As cyberattacks continue to increase in complexity and frequency, businesses need to stay vigilant with their security measures. The latest Cyber Security Insights Report from CERT NZ provides key insights into the state of cyber threats in New Zealand for Q4 2022. This report covers total incident reports, direct financial loss reported by victims, and other ways businesses can protect themselves from these threats.
While there are various cyber security threats, ransomware remains one of the most popular and dangerous. Having a robust security infrastructure in place is the best way to protect yourself from ransomware and other cyber-attacks.
Key Findings in 2022 Q4 CERT NZ’s Cyber Security Report
Overall, the total number of incidents reported to CERT NZ in Q4 2022 decreased 15% from the previous quarter. Despite this decrease in total incidents, ransomware attacks increased by 500%, while malware attacks saw an increase of 10%. The direct financial loss also decreased 61% compared to the prior quarter; however. Remember that Q3 saw a record-breaking loss, so it is important that businesses remain vigilant.
Total Number of Incidents Decreased 15% from the Previous Quarter
In Q4, CERT NZ saw a decrease in incident reports across most categories. Despite the total number of incidents responded to decreased, this doesn’t remove the need for Kiwi businesses to be cyber secure. The fact that individuals and companies are being affected just shows that cyber security continues to be a pressing issue.
Looking at the breakdown by incident category, you’d notice that phishing and scams & frauds continue to be the top cyber security threats in New Zealand.
What this tells us is that cybercriminals keep using these tactics over and over because it’s an effective way to gain access and exploit unsuspecting businesses or individuals.
Direct Financial Loss of $3.5m Resulting from Incidents
The total direct financial loss reported by victims in Q4 was $3.5m, which is a 61% decrease from the previous quarter. Despite this decrease, remember that the previous quarter’s direct financial loss saw record-breaking numbers—which was more than 2x the average loss.
Record-Breaking Ransomware Attacks to Kiwi Businesses
Ransomware continues to be a major concern for businesses in New Zealand, as the report saw an increase of 500% from Q3.
According to CERT NZ, “ransomware attacks over the past two years have tended to wax and wane,” but this was even more alarming because of downstream effects.
In other words, ransomware (and really other cyber threats) doesn’t just affect the company that was targeted, but also its suppliers and/or customers. This is concerning because it means that cybercriminals are becoming even more sophisticated in their tactics and methods.
Downstream Effects of Cyber Threats
The rise of cyber security threats is an increasingly worrisome issue to businesses, particularly for companies that hold vast amounts of data for thousands of customers. Such is the case for many SaaS companies that provide industry-specific services and software solutions.
For example, in the second half of 2022, LastPass, a popular password manager, suffered an unauthorised access incident. While no customer data was accessed during this incident, the attacker used the technical information stolen to target another employee and gained unauthorised access which allowed them to copy a backup of customer vault data.
While LastPass claims the encrypted fields remained secured with 256-bit AES encryption, other fields such as website URLs and other unencrypted notes you may have stored in the vault were exposed.
So despite you, the individual, being vigilant, using 3rd party tools which we have all become dependent on, can still be vulnerable. This demonstrates how cyber security threats don’t always attack one company directly but can also affect other companies through the supply chain.
How Kiwi Businesses Can Protect Themselves from Growing Cyber Threats
There are a lot of simple, yet effective ways that Kiwi businesses can protect themselves from cyber security threats. By staying vigilant and having the right measures in place, a business can dramatically reduce their risk of falling victim to these malicious attacks. Below are some of the cyber security tips you can implement right away:
- Multi Factor Authentication (MFA) – As the name implies, MFA is a multi-step authentication process that requires users to provide two or more pieces of evidence when logging into an account, such as a password and a code sent via text message or email, making it harder for hackers to access accounts without permission
- Application Allowlisting – allowlisting is a type of software restriction policy which limits the execution of applications based on their digital signature or other identifying characteristics like file name, pathname, publisher etc., preventing malicious programs from running on computers
- Regular Backups – having regular backups can help you recover quickly if your system gets attacked by ransomware; employ 3-2-1 backup system where you have three copies stored in two different locations with one copy offsite so that you don’t lose your data
- Create an Incident Response Plan – having a plan in place to respond to cyber security threats can help you protect your business from any future incidents; this plan should include the roles and responsibilities of employees, contact information for third-party vendors and other relevant stakeholders, as well as step-by-step procedures for responding to threats
By implementing these tips, Kiwi businesses can be better protected against cyber security threats and reduce the risk of a data breach. Additionally, it’s important to have frequent employee training and awareness programs so everyone is aware of the risks associated with cyber security threats. By doing this you can ensure that your business is secure and safe.
Need Help Improving Your Cyber Security?
Cyber security threats are a growing concern and Kiwi businesses need to be aware of the potential risks these threats can pose. Remember that by implementing the right measures, they can help protect their business against cyber criminals and keep their important data safe and secure.
If you need help improving your organisation’s security posture, or are simply unsure of the best steps to take, don’t hesitate to reach out to our team. iT360 can provide guidance, perform security audits and even develop custom solutions to cater specifically to your organisation’s needs. Contact us today to learn more about our cyber security services!