The Government Communications Security Bureau’s (GCSB) National Cyber Security Centre (NCSC) has completed all actions recommended in an internal review of its response to cyber activity targeting members of the Inter-Parliamentary Alliance on China (IPAC).
Lisa Fong, the deputy director-general for cyber security at the GCSB, confirmed the implementation of all recommended measures stemming from the July 2024 review.
“I’m pleased to confirm that we have put in place measures to address all recommendations outlined in the initial review,” she said.
The changes involve the establishment of new operational standards and guidelines for NCSC staff. These updates aim to strengthen the centre’s ability to handle cyber incidents effectively and prevent similar concerns in the future.
As part of the effort, the NCSC has also released advice for individuals considered high-profile targets, which is now available on its website. This move fulfills a specific recommendation from the review.
“These series of actions help to ensure the NCSC’s work continues to be both focused on the most significant threats, but also those whom those threats affect,” Fong said.
Fong said that the agency was committed to ongoing improvement, emphasising that the adoption of these recommendations is part of a broader effort to enhance its operations.
“We are committed to identifying opportunities for improvement in our practices and procedures and implementing these where we have the ability to do so,” she said.
The internal review was initiated in May 2024 following concerns about how the NCSC handled reports of malicious cyber activity targeting IPAC members. These incidents involved foreign state-sponsored actors and raised questions about the centre’s approach to addressing broader implications beyond the technical response.
The review concluded in July and recommended a series of changes to improve the NCSC’s response to cyber threats targeting individuals in New Zealand.
In a related update, the NCSC reported a significant rise in cyber incidents in its Q3 2024 Cyber Security Insights Report. The number of recorded incidents increased by 58% compared to the previous quarter, with phishing and unauthorized access among the most common threats.
Between July and September, the NCSC documented 1,905 incidents, up from 1,208 in the second quarter. Financial losses linked to these cases totalled $5.5 million, representing a 19% decline from Q2. However, nearly 25% of the incidents reported involved financial loss.
Phishing remained the leading type of attack, with 823 cases reported in Q3 – an increase of 70%. Unauthorised access incidents also surged by 80%, highlighting challenges in securing systems and accounts.
