What’s New?

Cert NZ has released its second quarterly report for 2019.

The Cert NZ reports provide an interesting snapshot of recent cyber security incidents reported in New Zealand by both individuals and organisations.

The latest report shows that cyber security incidents continue to increase quarter-on-quarter:

  • 1,197 incident reports were made to CERT NZ in the second quarter of 2019, up 21% from Q1, and
  • losses of $6.5 million were reported, the highest amount of losses ever reported.

Notable Increases

Reports of scams and fraud increased significantly once again, making up over a third of the total number of reports received.

Scams relating to online shopping made up a high proportion of these reports. These scams operate across various platforms like social media, scam websites and sometimes through legitimate auction sites. They can result in financial loss when goods don’t show up, or don’t match the description, and can also lead to other types of incidents like identity theft.

Ransomware on the rise

Ransomware incidents have remained steady since CERT launched in 2017, but this quarter CERT received 22 ransomware reports, mostly from businesses.

Ransomware is a type of malicious software that can get into a computer system in a number of ways, like a bad link or attachment in an email, or through out-of-date systems or applications. Once the ransomware has infected the computer, it encrypts files so they can’t be read or accessed, and demands money (normally in the form of cryptocurrency) to recover them.

Much of the loss to businesses is from ransoms being paid (not something which CERT recommends, given that payment holds no guarantee of getting your files back). But the costs of ransomware also extend to reputational damage, permanent data loss, and risks to customer information.

Recovering from the impact of these attacks can be time consuming and significantly affect a business’s day-to-day operations.

How can I help protect my business from ransomware attacks?

  1. Keep your operating system and apps up-to-date, and download new versions when they’re available.
  2. Make sure you back up all your files regularly (such as with an external hard drive or cloud service) meaning that, should you risk losing access to them, they are easy to recover.
  3. Install business-grade endpoint protection (aka modern anti-malware) software and ensure it is automatically updated for signatures and heuristics.
  4. Consider security awareness training – as your business is only as secure as your staff, and their (often unwitting) behaviour.

Speak to us about how we can help protect your business and its sensitive information against scammers and other threats.

phew. Cyber Security Sorted.