Could New Zealanders initiate a cyber attack from within?
The threat landscape is significantly increasing worldwide, and the opportunities it presents are a growing concern in Aotearoa.
But would a Kiwi have access to the technology needed to initiate one and what is in place to prevent this?
KPMG Cyber Security Services partner Philip Whitmore says that nothing stands in the way of someone in New Zealand initiating a cyber attack, and Aotearoa-based attacks take place on a regular basis.
"A local person may however choose at times to use offshore resources to support an attack, for example to hide the origin of an attack," Whitmore says.
KnowBe4 recently released its 2022 Security Culture Report examining trends in security culture, with chief evangelist and strategy officer Perry Carpenter explaining that the term refers to "how people think about and approach a more secure environment and this report focuses on those key elements."
Conducting this research for the first time, KnowBe4 found that overall, security culture worldwide is improving.
"This was the most promising finding from our research and emphasises that security culture should be viewed as a critical asset used to reduce risk and improve security."
The report includes a Security Culture Index (SCI), which rates organisations globally based on their security culture score, calculating its results by analysing thousands of companies worldwide. It notes that "North America scored 74 (the best), with the rest of the world comparable to Europe and Asia scoring 73, and Latin America, Africa and Oceania scoring 72." However, it goes on to say that the global overview may give the inaccurate impression that all regions perform similarly and that the situation is okay, but the reality is that the situation is more nuanced and unsettling.
"Security culture in Oceania is showing that Australia (73) and New Zealand (72) are quite different from each other, and neither is doing particularly well. It is highly recommended that organisations in this region step up their investments in security awareness, behaviour and culture going forward. The other parts of the region are lagging far behind, not even measuring on the Security Culture Index."
Whitmore adds that changing technology has made it easier for threat actors to carry out attacks.
"The rapidly changing cyber security landscape has often meant there are increasing opportunities to gain unauthorised access.
"While organisations are managing a variety of cyber security risks, a threat actor only needs one way in."
One of the systems in place to keep track of this kind of activity is the National Cyber Security Centre's (NCSC's) Malware Free Networks (MFN).
A branch of the GCSB, the NCSC developed the MFN service to make Aotearoa's cyber defence capabilities more robust by detecting and disrupting threats. Through this function, the service is able to provide threat intelligence about current malicious activity targeting New Zealand organisations almost in real-time. Read More…