RSM New Zealand

Cyber-security and what the 2019 Budget leak has taught us

budget_2019.jpg

The simple act of online searching previous years’ budgets caused one of the biggest information leaks within New Zealand in recent times. National Party policy advisors used Treasury’s online search feature with unintentional consequences. The result was embarrassment that what was thought to be malicious attacks or intentional hacks was simply sloppy protection and security of IT platforms.

New Zealanders reported more than 3,400 cyber security incidents in 2018 at a cost of more than $14 million dollars; a 205 percent increase on incidents reported in 2017.

The information leaked from the 2019 Budget had little real-world impact but the consequences would have been significant had this been a situation where individuals or agencies were able to make huge financial gains or negatively affect that organisation. 

Internet of Things and advancement in technology speed and capacity of delivery, has created a world so invisibly and intrinsically linked that data breaches no longer remain an ‘if’ but a ‘when’ scenario. Numerous opportunities exist to facilitate these breaches. Google Store has over 2.6 million apps, or which 300 apps contain malware. These 300 apps have been downloaded more than 100 million times.

Technology and data breaches occur daily and are irrespective of individuals, organisations, governments and countries. Hackers are constantly creating more sophisticated models of penetration and it’s difficult to maintain security across all platforms of connectivity and digital footprint.

A significant portion of New Zealand businesses can implement immediate measures to manage cyber security risks. These include the following fundamentals:

  • Implement a Firewall – your first line of defence
  • Install anti-malware software – your second line of defence
  • Document and implement cyber-security policies
  • Train your employees on these requirements
  • Back up your data – regularly
  • Use multi-factor identification

The bigger your organisation, the more sophisticated your planning should be.

  • Run ‘threat modelling’ to establish who your most like adversaries might be and how likely it is that they could attack you
  • Breach readiness preparation – run scenarios with your employees to train them on correct responses
  • Conduct ethical phishing exercises to test your staff, raise awareness and educate your C-suite
  • Ensure Governance of policies, procedures and actions remains up-to-date and relevant.

Follow our Finding Opportunity in Change series for more information on the value of data, GDPR, compliance, cyber security and innovation.

 

Would you like to discuss this topic further?

Please email us to submit a question or click on the author below to directly discuss this article

CONTACT us