New Zealand businesses face an ever-increasing and daunting array of cyber threats. According to CERT NZ’s, nearly 8,000 cyber security incidents were reported in 2023, resulting in more than NZ$18 million being lost.

Reported incidents and associated losses have more than doubled on our shores in the past five years, so while some attack methods are proving less successful as businesses take steps to secure themselves, there is still a lot of work to be done to further reduce the cost of cybercrime.

Guidance from Industry Experts

We recognise that organisations in Tauranga and across the country will have heard a lot of advice on this topic in recent times.

IT MSP’s like us at Stratus Blue, alongside insurers, law firms, and the likes of CERT NZ and the Privacy Commissioner have rightly been keen to provide sound guidance on how risks can be reduced and threats avoided.

While some of this may feel repetitive, it is vital that business decision-makers and team members alike remain vigilant to the increasingly sophisticated methods that cybercriminals are employing.

Understanding Modern Attack Vectors

We are seeing attacks deceive individuals into providing sensitive data such as usernames, passwords, and credit card details, through modified emails and fake websites that mimic legitimate ones, along with attackers gaining unauthorised access to systems or data and then wreaking havoc by encrypting files and making key programs unavailable.

The resulting downtime and reputational damage are significant for any organisation, and cyber crime continues to have an outsized negative impact on small and medium-sized enterprises that may lack robust security measures.

Practical Measures for Cybersecurity Enhancement

1. Multi-factor authentication – adding another layer of authentication to any login continues to be a crucial defence barrier to your systems and data. Verifying yourself through an application code, or even a text message, just like we see in online banking, will prevent a lot of attacks that would otherwise succeed.
2. Enhanced email security – just sending and receiving emails may leave you more exposed than you think. There are lots of email systems out there, but a combination of enhanced filtering and checks for spoofing and impersonating accounts can help you spot a scammer that at first glance seems above board.
3. Regular auditing and updates – having a security baseline, which can be gathered in an assessment of your cybersecurity posture, and then measuring your stance against it on an ongoing basis will give you a measure of whether you’re heading in the right direction. As part of that assessment, looking at older systems and devices that you use and replacing them will further bolster your security position. Updating every application and machine in use in your business will make them as secure as they can be, and deter attackers who will instead focus on easier targets.
4. Security awareness training – people have to make decisions each day and helping your team know what to be mindful of will go a long way to stopping the incident that could stop your business. Ongoing training around the latest threats and the ways in which people can verify something that doesn’t quite feel right is a key investment in your people and your business.
5. Backups and recovery planning – as the latest metrics show, we know that attackers still are getting through and scam attempts continue to work. When the worst happens, having a way to get your information back can lessen the impact and reduce the time you may be offline.

The CERT NZ 2023 report highlights an evolving cyber threat landscape where vigilance and proactive security measures are more crucial than ever. By understanding the prevalent risks and implementing best practices, New Zealand businesses can not only protect themselves, but also contribute to a safer cyber environment for all.

For more specific recommendations for your business or an assessment of your cybersecurity posture, please contact the author  – Jacob from Stratus Blue – jacob@stratusblue.co.nz who will be happy to assist.