Recent attacks on Stock Exchange pose serious challenges
Matthew Stern
In late August of this year, the New Zealand stock exchange (NZX) was forced offline for two days in a row and had limited functionality for four days following a series of cyber-attacks, potentially caused by known Russian hacking group Fancy Bear.
Grant Robertson, the Finance Minister, noted “I can’t go into much more in terms of specific details other than to say that we as a government are treating this very seriously.”
Both the Government Communications Security Bureau and the national agency covering cybercrime were enlisted to help.
Serious questions raised
While the NZX was operational soon after the distributed denial of service (DDoS) attack, which came from abroad, the incident raises serious questions about the state of cyber security in New Zealand as a whole.
Rizwan Asghar, a Senior Computer Science Lecturer at the University of Auckland told Reuters, “The real question is what are the resources allocated and threshold set for protecting against these attacks.”
As the country faces a potential shift from its current Covid-19 alert levels of 2 and 2.5, many companies are staying cautious and opting to stick to a remote working model, particularly in Auckland, which recently re-entered and exited a city-wide lockdown to halt the spread of a community cluster.
Remote working challenges
Remote working presents cyber security challenges for companies across the world, but in New Zealand, the risk seems rather high in comparison to other nations, according to a recent study by Barracuda Networks. The study indicated that a full 40% of organisations in New Zealand had experienced at least one data breach after adapting to a remote working model. It also noted that 37% of employees had faced email phishing attacks.
Worryingly, and despite these rather concerning figures, 41% of the companies surveyed in the study did not have up to date cyber security strategies in place, further illustrating the concerning state of cyber security in New Zealand.
While the nation rarely faces attacks from foreign hacking groups on the scale of the recent NZX attacks, the incident and the study from Barracuda Networks paints a rather dire picture of digital security in New Zealand.
Was to boost security
Business owners and individual users alike would be wise to attend to their cyber security needs carefully, particularly as the ongoing Covid-19 crisis is increasing the number of cyber-attacks in general as threat actors aim to profiteer from the panic with targeted threats.
With that in mind, below we go over several ways for corporate and individual users to boost their security practices.
Cyber security measures should work together to form a multi-layered approach to security. Here are some easy and actionable steps to take:
Opt for VPN Encryption
Both companies and individuals can benefit from the protection provided by Virtual Private Networks (VPNs). Once thought of as primarily for privacy, these security tools are now recognised as key elements in a robust security strategy.
When a user is connected through a VPN, two key things happen.
Firstly, the software creates a private browsing network and secondly, the user’s data transmissions are encrypted as data packets are routed and rerouted through protected servers.
Businesses can install VPNs on their routers to cover the whole office network and individuals can do the same on home routers or use a VPN app on individual devices.
Antivirus and Antimalware
Both traditional antivirus and antimalware programmes should be used to protect devices, particularly those that connect to company networks and systems. Antivirus programs are great when it comes to detecting the trojans and worms of old while antimalware is needed to handle more dynamic, modern threats.
Account Breach Monitoring
For companies facing a dispersed workforce that is operating on unknown home networks and potentially compromised personal devices, there is an increased risk of breaches.
Automated account breach monitoring is one way for businesses to make sure that employee credentials and accounts have not become cyber security risk factors.
Individuals can check their own account and credential security by running their email address through an online breach checker such as Have I Been Pwned?
Multi-factor Authentication
The days of one password and one log-in step are gone. As the threat landscape shifts and becomes more dynamic and pervasive, accounts need greater security.
Choosing multi-factor authentication whenever possible is an easy way to boost security at no cost. Just be aware of the risks involved in using SMS verification should a user’s phone be lost or stolen.
Above and beyond the steps outlined here, companies and individual users should brush up on their basic digital hygiene and ensure the practices they use online are those that minimise risk.
Cyber security in New Zealand clearly needs some work, at both the state and civic level, but facing up to the threats means greater awareness and ultimately, fewer digital security incidents.