NZ slow to respond to 'industrialised' hacking

Unitec's cybersecurity research centre would help bolster NZ's defence against attacks. Photo / Thinkstock

New Zealand businesses have been slow to respond to the worldwide trend in automated cybersecurity attacks, says a US expert.

Those views have been endorsed by a local security consultant, who said being far away from the rest of the world was no longer a safety guarantee for New Zealand.

Mark Kraynak, senior vice president of Imperva, said modern hacking tools meant cyber criminals can quickly and easily scan the internet for vulnerable websites and launch attacks.

As a consequence, small or medium-sized Kiwi businesses which may once have been off the radar were becoming targets.

"Now that the bad guys can find anyone online, that's changed. They've figured out that the little guys are actually pretty good targets," Kraynak said.

"It's probably true that criminals weren't paying much attention to New Zealand but it's become easier for organisations to find places to attack here."

Imperva is a US- headquartered data security company looking to ramp up its profile in New Zealand. The company claims data attacks in New Zealand are ten times higher than in Australia, on a per capita basis.

Kraynak said Kiwi businesses, even the big banks, had generally been slow to react to the "industrialisation" of cyberattacks.

Where other countries had hardened themselves to attacks, New Zealand was lagging behind and businesses needed to lift their security standards.

He said New Zealand companies tended to deploy software too casually and without putting adequate security settings in place.

An example was the popular collaboration tool SharePoint, which was typically deployed on "a piece-meal basis". Security was often an afterthought, he said.

"Developers are installing default controls, however there are no plans or policies for security risks. The high level of malicious attacks will continue until these basic controls are addressed by businesses of all sizes."

As well as the risk of losing valuable data, having malware planted on your website could also result in a business being blacklisted by Google, he said.

"You won't only drop off the search results but a big warning will also flag up every time someone searches for you. That will put you out of business because it's how other businesses find you."

Andy Prow, managing director of local company Aura Information Security, agreed that New Zealand had been "behind the eight-ball" with its cyber security.

"A lot of that is because we have not come under great target to date," Prow said. "We've had the luxury of not having to worry much."

Kiwis had historically not seen the Internet as being a hostile place, he said.

"Geography has bought us some time but these days, the internet doesn't care about geography."

According to a report from Norton, more than 900,000 people fell victim to cybercrime in the year to September 2012, costing the country $462.9 million in direct financial losses.

The most common type of cyber crime in the year was computer viruses and malware, followed by online scams and phishing.