Poor Cyber Security - Is It Costing Your Business?

1st November 2018

This blog on SecurityDigital is provided by LifeLot – Your Online Digital Safe.


Cybercrime costs New Zealand businesses about $250m-$400m a year - though that is only an estimate as a vast number of cyber attacks are not reported.

According to leading cyber-security company Kordia and Peter Bailey, general manager of Aura Information Security (Kordia's specialist arm), New Zealand is particularly vulnerable.
Recent Kordia research found 30 per cent of almost 200 IT decision makers in businesses with 20 employees or more were unsure their existing cyber-security measures would prevent a breach; another 20 per cent had no online security policies or training in place.

Some companies don't even know they have been hacked.

The research also showed medium enterprises (60-99 staff) had a "she'll be right" approach that left them "wide open" to attack, says Bailey.

So what are the most common mistakes companies make in addressing - or not addressing - the need for cyber-security? Bailey says there are five:

1. People believe it won't happen to them

"People still think we are geographically isolated, a small country at the end of the world that doesn't have anything worth stealing," says Bailey. "So they leave themselves unguarded, overseas organisations hack in and use their server as a bot to run illegal activity, among other things."

2. Internal/personal security laxness

"It's remarkable but even though our industry has gone on and on about it to boring levels, many people still believe password protection is a minor issue. Some think their company has a firewall so they can get away with passwords like 'password' or 'admin'."

Bailey says the widespread habit of using the same or similar passwords for work and personal accounts is also a hacker's dream: "If they can get your password from home, that often allows them into your work systems."

The massive 2015 cyber attack on US health insurance giant Anthem (78 million customer records exposed) came when an employee opened a "phishing" email - a message posing as an official communication, which some unprepared staff still fall victim to, giving hackers access to the system once opened. Educate your staff, says Bailey.

The digital business ecosystem is reshaping cyber security in New Zealand: 

57% are investing more in security

68% will invest in new security needs related to evolving business models in the next 12 months

56% will invest more in improved collaboration between business, digital and IT over the next 12 months

3. General lack of "security hygiene"

Many people and businesses ignore running Windows or anti-virus updates, preferring to address other, more convenient matters. But those updates are a built-in line of defence for software and apps to patch any discovered vulnerabilities or potential back doors into the system.

Bailey says: "Mossack Fonseca, the law firm at the heart of the Panama Papers scandal, had not updated their software, making them vulnerable to an attack that accessed their documents - exactly what happened. Update systems and back up files - so you can deal with attacks like ransomware that enters your system, encrypts files so you can't access them and asks for money to release them.

"If you are backed up, you have a ready-made solution. It's so easy to do that - but so many people and companies do not do it."

4. Not all cyber attacks come from computers

The vulnerability of staff can be a great source of wealth for hackers, Bailey says: "We run what we call a Red Team exercise where we test a client company's cyber-security defences. Among the things we do is use social media and sites like LinkedIn to identify people who might help us.

"Then we pretend to be an IT repair company and ask for information over the phone or call someone and pretend to be an executive and shout at them until they give us the passwords we need. It often works."

5. Business partners need to be part of your network

Third parties - business partners or suppliers - can also be a way in for unscrupulous hackers. The infamous hack of 40 million customers' credit and debit card details from the US Target chain of stores came about when hackers compromised a contractor to gain entry and then acquired advanced rights.

Bailey says: "Companies are realising they are also vulnerable to third parties who may not wish them ill but who provide a pathway for those who do. Many are doing a cyber-security audit these days - especially UK and US companies who want to use New Zealand companies.

"But even if your company can't do that, at least agree some minimum security measures with suppliers and contractors so you don't end up with egg on your face."

A year or two back, Bailey says there would have been a sixth big mistake - boards and chief executives passing off cyber-security as an IT issue: "Thankfully, we are now seeing top table recognition this is a problem that could affect an entire business."

When selecting a cyber-security advisor, Bailey says companies should look for credentials and track records; the boom in cyber attacks has created fertile ground for the birth of many small and largely untried cyber-security companies.

Cyber Security by Kordia brings together a wide range of industry-leading security services and solutions, providing New Zealand's most comprehensive security suite. A key element of this is delivered by specialist cyber-security consultancy, Aura Information Security. Kordia and Aura say companies can protect themselves by getting advice from seasoned specialists, installing a series of measures against hackers and breaches, educating staff and their speciality - 24/7 monitoring and analysis of clients' operations.


See also:

Mandatory breach notification in NZ – it’s coming!

Breach Notifications 2017 (see page 9)

Source: https://www.nzherald.co.nz/kordia/news/article.cfm?c_id=1504265&objectid=11841912

LifeLot is happy to say that Kordia is also our "partner in penetration"! The LifeLot website has been through rigorous penetration testing, and this is a continual relationship with Kordia to ensure it stays impenetrable. With the amount of sensitive and personal information that one could keep within their personal LifeLot account, it was and always will be a number one priority to make sure that this information stays safe and private. The use of two-step validation login also helps to ensure this because all sensitive data in the database is encrypted. You can be confident that LifeLot is even more secure than some banks; not even our LifeLot team can view it!

For more information (and a LOT of facts and numbers...) read The Privacy and Security of Your Data is Paramount.

Of course, if you still have more questions you can always Contact Us and one of the team will be happy to talk to you.
