A couple of weeks back we had the pleasure of attending the annual Cyber Security Summit in Wellington.

Over 160 cyber security experts gathered together, and there were numerous roundtables, a VIP forum and many expert speakers. We were all given the opportunity to network, discuss and uncover pathways forward for our cybersecurity frameworks.

There were some fantastic speakers and much to be shared and learned. Some highlights for us included the following:

  • The National Cyber Policy Office talked about their role in assessing cyber risks and how they manage the scale and complexity of this challenge on a national scale. A range of government agencies work together to provide much-needed strategy and guidance to individuals and corporates, and all of this input is coordinated by the NCPO in its role as national cyber security adviser to the government.
  • The Office of the Privacy Commissioner provided us with an update on the progress of the Privacy Bill (see our previous blog about this). The new Act is due to be enacted some time next year and will ensure there is a more modern approach to meet the privacy needs of individuals in terms of access to and care of data. The new mandatory breach notification was discussed, along with the ongoing debate around the concept of “harm” under the new Act. Watch this space for updates!
  • Other Industry Insiders spoke about the importance of incorporating security into a business and its data management from the very beginning. Given the shift toward agile work styles and the easier, wider spread of data, the importance of devices themselves as the new perimeter was emphasised. Security controls need to be included by design in the development stage of apps, instead of being added in as an afterthought.

We also took away a few fascinating (and unsettling) facts. Did you know?

  • The term “cyber security” is an official term of the United Nations, but was only adopted as such a year ago, and still does not have a formal definition.
  • Only 31% of New Zealanders maintain offsite copies of their backups.
  • Kiwis rather optimistically estimate that there is only a 3% chance of there being a ‘cyber event’ in the next year. She’ll be right mate (won’t she?)
  • SMTP (used to transfer emails between email servers) is a technology which dates back to 1982, and is still in use today. Any security features it has have simply been layered on top of it over time – and yet most cyber attacks start with email. DMARC is a technology that has a role in limiting spam, phishing and credential harvesting, but so far it is in very sparse use in New Zealand, particularly in the public sector where 97% of government departments have not yet configured or supported DMARC.