Organisations holding ‘sensitive data’ such as insurance, banking, finance and professional services companies that handle scientific data, have the highest awareness of cybersecurity threats, according to the Cyber Security NZ SME Landscape 2014 survey.
This fact was the ‘good news’ from the results of the survey, which covered 500 businesses across the country. The majority of participants surveyed were in the service industry (56%), followed by primary (15%), retail (15%), and secondary industries which include manufacturing and transport and storage (14%).
The ‘bad news’ was that New Zealand’s primary industries, including agriculture, forestry, fisheries, electricity, gas, mining and construction, which support the bulk of the nation’s economy, have the poorest understanding of cybersecurity threats and are the least prepared to manage them.
Head of security at Vodafone, who commissioned the survey, Colin James, said: “The statistics are pretty alarming across the board but for the primary industries it’s particularly concerning when you consider the huge importance of the sector to the New Zealand economy.”
The survey found that more than half (56%) of New Zealand businesses experience IT security attacks at least once a year, and that 70% have been affected by computer scams, online fraud or viruses and malware.
More worryingly, nearly half of all companies surveyed (45%) felt their business did not have adequate tools and policies in place to prevent or mitigate cyber threats.
James said: “Geographical isolation isn’t a safety net against threats. Gone are the days when all you needed was a firewall or virus scan to secure your company’s private data. Threats are becoming more sinister and advanced in their capability; the players are the same but the tools they have access to have evolved astronomically.”
James says there are also software update services for malware, so the malware updates itself. “They are taking a leaf from our own IT systems.”
The rise of mobility also means businesses now grapple with security information outside the business environment, says James.
Mobile devices are outgrowing laptops, and there is more likelihood a tablet or mobile will be left behind in a bar or taxi compared to a laptop. The survey found 83 per cent of lost smartphones in 2014 resulted in compromised business data, reports CIO.
Small businesses or those with under 250 staff account for 30 per cent of targeted attacks. To avoid detection, most of the attacks and hacking occur during weekends.
Despite these statistics, six out of 10 companies have no plans to increase their investment in IT security, notes James.
“Business leaders and IT managers need to re-evaluate where information is sitting these days; who has access to it and what security policies they have in place to protect against and prevent attack,” says James.
“The future for true cybersecurity lies with the vigilance of IT decision-makers – to ensure their systems are capable – and network providers to build more intelligent infrastructure capable of acting on threats to protect not only an individual user, but the overall integrity of the network,” says James.
Vodafone, he says, has deployed its own system called Vodafone Secure Device Manager (VSDM), which enables a company to remotely manage and secure any device on its network – whether company owned or part of a BYOD program.
“We need to ensure information is protected, regardless of where it resides. Intelligent networks operate by understanding what devices are connected to it, who is using those devices, who and what they’re communicating with and what they’re talking about.
“Without this intricate knowledge, businesses run the risk of creating chinks in their armour and opening themselves up for attack,” says James.