Several recent hacking incidents seen in the press indicate that cyber security continues to be a prevalent issue for New Zealand businesses. Examples include a patient data breach at Tū Ora Compass Health and the hack of the Asics Auckland store screens to show inappropriate content.
But how are we meant to prevent such attacks, without understanding the motivations and capabilities of cyber criminals?
The Cyber Security Cycle
The cyber security cycle begins with new software being released to the market. Despite developers’ best efforts, software often contains vulnerabilities. Hacker’s are quick to jump on these vulnerabilities, exploiting users of the software. The software company then responds by patching these vulnerabilities, and the cycle goes on.
There are several constants in this cycle that enable cyber criminals to be successful. This includes the fact that cyber crime in highly complex and always changing, meaning it will always pose a risk to businesses.
The Threat Landscape
Ransomware: At 1%, this looks small, however this issue has not been solved in New Zealand. Ransomware is now being distributed by Advanced Malware (45% of attacks) which comes in the form of a Zero Day Attack, meaning the day a weakness is discovered in software it is exploited before it is ‘patched’ or fixed by the software vendor.
Financial Malware: At 19% this is a significant threat designed to steal banking details and transactions, which in turn enable hackers to use credit cards saved on your computer to purchase instant use gift cards, as an example.
Generic Malware: Makes up 18% of threats by accessing your environment in the background. It gets in via social networks, doubtful websites, freeware, shareware and the like. It can then deploy keyloggers, trojans, open backdoors and even simple adware/popups.
Where and who are these attacks coming from?
The largest proportion of attacks come from China, Russia and Eastern Europe. However, what is more interesting is who is attacking:
• 78% Criminals
• 16% Espionage
• 6% Warfare
Understanding the type of actors performing the attacks is far more important. The vast majority of attacks are now, and have been for some time, criminals who are hacking as their full-time, 9-5 profession.
A Look at the Cybercrime Industry
The cybercrime industry is now generating 1.5 Trillion US Dollars a year, and growing exponentially. As seen in the graph below, by the end of 2019 over 1 Billion unique malware samples will exist, with growth year on year.
Crimeware as a service now exists. There are software and services that make attacks, infections and money laundering far easier and automated for cyber criminals. As we subscribe and register to platforms such as Netflix and Office365, cyber criminals are subscribing to these crimeware platforms.
What can we do about this threat?
The IT Partners Multilayered Baseline Cyber Security Solution certainly means your systems are well protected. However, as cyber criminals continue to develop, it is important to place a focus on continuous improvement by adopting new initiatives to counteract this threat.
New security initiatives include:
• Multi-Factor Authentication (MFA sometimes referred to as 2FA)
• Staff education, phishing stimulation’s
• IT Acceptable use Policies
• Single Sign On
• Artificial Intelligence monitoring of the dark web credentials
If you would like to learn more about the IT Partners Multilayered Baseline Cyber Security Solution or the new security initiatives seen above, feel free to reach out to our team via email or phone 07 957 2650.