Cybercriminals are upping raids against Kiwi companies by exposing new weak points - even though many organisations are bolstering their cybersecurity defences.
Wenzel Huettner, co-founder and chief cybersecurity architect at Defend, a New Zealand-owned cybersecurity company, says attackers are increasingly targeting company suppliers.
"While many larger Kiwi companies have been doing well in building their resilience and capability against cyber threats, malicious cyber attackers look for their weak points; where they might be vulnerable," he says.
His comments come following Vodafone New Zealand's recent purchase of a majority shareholding in Defend to build a more cyber secure Aotearoa.
Huettner says one area where companies are potentially at risk is in their supply chains which are often made up of smaller companies not as well defended against cyber threats and which offer an alternative path to access and compromise systems and networks.
"This is a key trend we are seeing globally," he says. "This is partly because, as Covid has led companies to improve cyber resilience to combat risks from hybrid and remote working, attackers have been forced to look for alternative opportunities to launch raids."
Vodafone's move - it has taken a 60 per cent stake in Defend to bolster its cybersecurity capability - has taken place against a backdrop of an alarming increase in cyberattacks on large New Zealand organisations, small businesses and individuals.
In 2021, 8831 incidents were reported to the national Computer Emergency Response Team (Cert NZ), a 13 per cent increase on 2020 and well up on the 1131 reported just four years earlier in 2017. The total financial loss in 2021 reached $16.8 million.
New Zealand's National Cyber Security Centre (NCSC) says in a typical month it detects 13 cyber intrusions affecting one or more nationally significant organisations through its cyber defence capabilities and receives 21 new incident reports or requests for assistance unrelated to these capabilities.
In 2020-2021 NCSC says it prevented an estimated $119 million worth of harm to New Zealand's nationally significant organisations.
Hits on supply chains are growing even faster. UK-based cybersecurity consultants, NCC Group, says globally these attacks have increased by 51 per cent in the last six months.
Even more worryingly, NCC says 49 per cent of organisations it deals with do not stipulate security standards that their suppliers must adhere to, 34 per cent don't regularly monitor and risk assess their suppliers' cybersecurity strategy and only 32 per cent are "very confident" they could respond quickly and effectively to a supply chain attack.
Huettner says while many New Zealand companies and organisations have improved their cybersecurity capability, we are as exposed to cyber threats as any other country.
"The key challenge is to build a company's resilience so they are prepared to face up to threats, to understand what they are and how they might appear," he says. "At the end of the day a lot of the threats are financially motivated. For the attackers it's about making money and trying to take money off people."
He says the partnership with Vodafone is important because through them Defend has access to a wider range of customers it can connect with and help lead in transforming their cybersecurity resilience.
"We need to be assisting companies to be doing the right thing and to ensure every investment they make in cybersecurity is the right one and that they are clear about the threats they are protecting against."
Huettner says Defend follows seven key points when helping companies transform their cybersecurity capability. These include issues such as culture and awareness, governance, risk management, developing frameworks, policies, roadmaps and programmes, incident management and reporting.
Vodafone's chief enterprise officer, Lindsay Zwart, says the majority shareholding in Defend gives the company significant local capability in cybersecurity.
"Cybercrime is on the rise both globally and in Aotearoa," she says. "We are committed to tackling this threat, and to keep New Zealander's safer online as they enjoy the benefits of technology and connectivity.
"We're transforming Vodafone from a traditional telco to a forward-thinking tech company, to offer New Zealanders access to the latest technology, and to keep them safe while doing it.
"To do this we partner with the Aotearoa-leading cybersecurity company Defend to offer products and services. Recently we have also announced our technology partnership Palo Alto Networks to support secure connectivity and access - and to complement our existing partners such Microsoft, Amazon (AWS) and Cisco."
Zwart says Defend was established in 2017 and provides outcome-oriented services and leading capability practices for its customers.
Since 2017 it has received multiple awards including ISANZ Cyber Security Start-up of the Year 2018, ISANZ 2019 Company of the Year and was Microsoft New Zealand Partner Awards winner 2020 for Modern Work & Security and 2021 for Security. Most recently Defend has been awarded 2022 Microsoft country partner of the year for New Zealand.
"Defend's iCE (intelligent Cybersecurity Ecosystem) is a globally recognised managed cybersecurity service," Zwart says. "They focus on a number of areas including government, enterprise, commercial, health, utilities, manufacturing and service providers along with a deep dive into information and operational technology convergence to protect critical infrastructure and services."
For more information, visit https://www.vodafone.co.nz/business/security-services/