NZ is becoming increasingly aware of the risks from cyber attacks. The security alliance with Five Eyes and protection from multinational cybersecurity providers are incredibly important if we want to minimise risk from attacks.
While we can safely assume our customers, vendors, and staff are ethical and play by the rules, hackers and criminals do not. They will find and exploit any weaknesses and flaws in the system. Whether they are doing it for notoriety, money, retribution, or fun, people who play outside of the system don’t respect laws.
Worldwide, there has been a succession of attacks on governments and businesses, and that is reflected in NZ. While there’s a lot being done to counter these, it’s not enough to keep pace with these intelligent and tech-savvy criminals.
Five Eyes (FVEY), Cortex and AI For Good
FVEY is the intelligence alliance of five countries, NZ, Australia, Canada, the UK and the US. It’s a joint initiative where there is shared information about signals, defence, human, and geospatial intelligence. These five countries work together to identify groups and individuals who are involved in the War on Terror, as well as intel on North Korea, China, Russia and other threats.
“Five Eyes does give us lots of insights and understanding and we can share ideas in the things that we do,“ said Sir John Keating who was speaking alongside Microsoft Managing Director, Vanessa Sorenson, at the launch of Umbrellar Connect.
This network is crucial to provide context that help to evaluate and respond to potential threats. There are increased complications as the lines between state sponsored cyber warfare and crime driven by profit are increasingly blurred.
AI For Good is a Microsoft initiative that uses artificial intelligence to protect individuals and organisations. Using AI, they can quickly identify cyber attacks, allowing immediate action. It can also help to prevent cyber attacks by watching behaviour online and identifying patterns of problematic behaviour. It uses Microsoft’s Intelligence Security Graph to analyse billions of data points across major services, hunting for anomalies and suspicious activity.
In NZ, there has also been ‘Cortex’ developed, which is a government initiative security platform for large Kiwi businesses and infrastructure. This has been highly tested by black ops hackers who stress tested the firewalls and cloud security, looking for weak spots and security flaws.
Despite thorough testing during development, cybersecurity needs to move fast to keep up with constantly evolving criminals and external threats. Increasingly intelligent and sophisticated scams and techniques mean that nothing is safe for long.
Educating companies on the risks
People write up to hundreds of emails every day. But within businesses and government, many of these communications are off-the-cuff, and the sender- or receiver- would have ever expected they become public consumption.
The other fear is not of being exposed, but of ransom demands. Big businesses and Governments need to make sure they aren’t open to huge ransom demands when hackers infiltrate their systems. Baltimore local government ended up making an expensive mistake and paying $10 million in ransom money to get their systems back. Can you afford that, with all the risk it carries?
Hackers are determined and highly capable, and many have huge resources to hand. How can you, and NZ, counteract this?
Minimising risk of cyber attacks
Data security is the highest concern, and local infrastructure helps this. With Cortex, having data within NZ’s shores means sensitive information from government departments, banks and other large institutions, no longer needs to be sent overseas to massive data centres. This makes this data subject to NZ law, an added layer of security.
While there are steps being taken by the government and overseas companies, individual people and companies must take steps to protect themselves. A company is only as strong as it’s weakest password; and some employees may struggle to feel the importance of this. Multi-layer security systems needing verification from external devices to log on, combined with ever-changing passwords is just a first step.
Education of staff about what a phishing email might look like, or the importance of not writing your password on a post-it note on your monitor are vital. While top-down strong systems and intelligence are important, it’s useless if bottom-up education isn’t carried out.
All businesses should take this seriously. The risks are huge to data for yourself and customers, and the financial risk even larger. While you pay insurance and prepare for a natural disaster, the same should happen for cyber security. Would you leave the front door of your business unlocked, and the security alarm off? Why don’t you have two-factor staff authentication for accessing the cloud computer system when you expect it in the physical space?
Companies that don’t take cyber security seriously will suffer the consequences. It’s just a matter of time.
