A recent Frost & Sullivan study commissioned by Microsoft found that a staggering 50% of organisations in New Zealand have experienced job losses in the past year as a result of cyber attacks.
Key findings of the study
The study, based on 100 responses from business and IT decision makers in medium to large organisations (250 or more employees) in New Zealand, also found that:
- 36% of organisations have experienced a cyber security incident; and
- 16% of organisations are not sure if they have experienced a cyber security incident as they have not performed proper forensics or a data breach assessment.
“With traditional IT boundaries disappearing the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation – as has been made all too clear by recent high-profile breaches.”
Cyber attacks in New Zealand
2018 has already seen a number of attacks in New Zealand.
New Zealand-based fuel supplier Z Energy admitted that customer data from its online database was accessed by an unauthorised third party.
International ticket vendor Ticketmaster contacted customers in New Zealand who may have been affected after the organisation “identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster”.
Cyber security is an afterthought
In addition to the financial losses that directly affect organisations that are hit by cyber attacks, the study highlighted how these incidents are undermining New Zealand organisations’ digital transformation.
Just under half of respondents said their organisation has put off digital transformation efforts because of the fear of cyber risks.
The study also revealed gaps in organisations’ cyber security approaches, with many treating security as an afterthought.
Despite being hit by a cyber attack, just 19% of organisations consider cyber security before starting a digital transformation project.
Recommendations for New Zealand organisations
The report has issued the following key recommendations for organisations in New Zealand:
- Continue to invest in strengthening security fundamentals.
- Undertake regular assessments, reviews and continuous improvement activities.
- Leverage artificial intelligence and automation to increase capabilities and capacity.
Organisations can strengthen their cyber security stance by implementing an ISMS (information security management system) that complies with the international standard ISO 27001.
ISO 27001 can help organisations to build a solid cyber security foundation by following international best practice in information security.
In addition, it encourages a formal review and continual improvement process to ensure the organisation constantly adjusts its security practices in line with emerging risks.
Benefits of an ISO 27001-compliant ISMS
An ISMS (information security management system) is a system of processes, documents, technology and people that helps to manage, monitor, audit and improve your organisation’s information security.
ISO 27001 is a proven information security management framework that sets out the requirements for an ISMS.
An ISO 27001-compliant ISMS can help organisations protect all their organisational data by focusing on solutions related to people (staff, contractors, management), processes and technology. It requires routine reviews and regular audits, and can also lead to independent certification, which may provide assurance and help organisations to:
- Avoid penalties and financial losses;
- Protect and enhance their reputation;
- Meet increasing client demands for greater data security;
- Get independently audited proof that their data is secure; and
- Meet local and global security laws, such as the EU GDPR (General Data Protection Regulation).
Essential guidance to understand and implement ISO 27001
Implementing an ISO 27001-compliant ISMS can be a complicated job, particularly if you are new to the Standard.
August’s book of the month, Nine Steps to Success – An ISO 27001 Implementation Overview, provides essential guidance from ISO 27001 expert Alan Calder to help you get to grips with the requirements of the Standard and make your implementation project a success. The book:
- Details the key steps of an ISO 27001 project from inception to certification;
- Explains each element of the ISO 27001 project in simple, non-technical language; and
- Is an ideal guide for anyone tackling ISO 27001 implementation for the first time.