White-hat hacker Jackson Henry.
Jackson Henry isn’t your usual 17-year-old.
At an age when most teenagers would be desperately trying to decide what to study at university, he has already garnered a reputation for hacking into the United Nations website.
This has seen him quickly delve into the world of cybersecurity, offering advice to businesses on improving their cybersecurity as a white hat hacker - a person paid by firms to check the solidity of their cybersecurity.
The Australian says he didn’t ever expect to be able to hack into the UN, but was surprised by how fast he was able to identify a gap in their security.
“It’s actually funny because I was looking for an organisation that ran a vulnerability disclosure programme,” Henry tells The Front Page podcast.
“That’s a policy that allows hackers to come in and see if they could find any issues. I stumbled across many smaller organisations that had these policies, but when I found out that the UN had one, I was like ‘there’s no way we’re going to be able to find anything’.”
Henry says he worked with a few friends and they were also to get into the UN within six hours.
“We stumbled across a data set that was inadvertently exposed and revealed 100,000 highly sensitive records. They varied, but there was personally identifiable information, as well as documents about ongoing projects and funding reports.”
Hacking into the United Nations website is an impressive feat for any 17-year-old, but Henry is more worried about what this says about the state of cybersecurity across organisations.
“These larger organisations that often have funding aren’t as secure as I would have thought, so what does that mean for small to medium-sized businesses that don’t have the resources and lack the time? How insecure are they?”
Locally, we’ve seen major organisations - including the Waikato District Health Board and health insurer Accuro - hit by cyber-attacks. But it isn’t only big organisations being targeted.
A recent study commissioned by Mastercard revealed that 132,000 New Zealand business leaders had suffered cybersecurity issues – of which 29 per cent claim they experienced financial losses as a result.
What’s most striking about this study is that it also showed that more than a quarter of small businesses in Aotearoa have been forced to make cuts to cybersecurity due to the current economic environment.
A further 64 per cent also said they were actively looking to scale down business costs, which could lead to cutting cybersecurity in favour of initiatives that drive immediate revenue.
“By their very nature, [small- to medium-sized businesses] are at a point where they’re far more concerned with customer acquisition and scaling, and cybersecurity is often at the bottom of the priority list or not even considered at all.
“That’s understandable, but the biggest mistake I see from small- to medium-sized businesses is having a sense of complacency and thinking that they couldn’t possibly be a target of cyber attack. That’s a common misconception.”
So what can businesses do to protect themselves better? And are big bureaucracies that work for us at risk of being caught up in more hacks?
Listen to the full episode of The Front Page to hear more from Henry on keeping your digital doors double-padlocked.
The Front Page is a daily news podcast from the New Zealand Herald, available to listen to every weekday from 5am. It is presented by Damien Venuto, an Auckland-based journalist with a background in business reporting who joined the Herald in 2017.
You can follow the podcast at iHeartRadio, Apple Podcasts, Spotify, or wherever you get your podcasts.
'I can imagine people being outraged that TVNZ signed a deal with me.'