New Zealand organisations advised to treat cyber security “like a business”

December 17, 2012

While organisations in Australia struggle with ensuring ongoing vulnerability management and cyber security, it seems enterprises across the ditch are also grappling with protecting themselves against the modern digital threat landscape.

According to a new report from audit, tax and advisory services provider KPMG, in 2012 external data leaks affected more than 160 million people across the world over 835 separate incidents.

That amounts to a year-over-year increase of more than 40 per cent, and KPMG claims that malicious hackers were responsible for more than two thirds of the total amount of data lost.

KPMG has suggested that organisations in New Zealand concerned about the risk of being a victim of a data security incident take steps to treat security "as a business" rather than an IT issue, in order to ensure that risk management processes are robust and reliable.

It has also recommended that businesses fully patch and update any internet facing systems in order to mitigate the impact of new and previously unknown threats.

Another way in which enterprises both in New Zealand and Australia might look to adequately protect themselves from cyber criminals and data breaches is by undergoing ethical hacking assessments in order to identify any potential vulnerabilities and risk points.

According to KPMG New Zealand’s director in charge of security advisory services Philip Whitmore, businesses are witnessing a "shift" in the most frequent cause of data loss, away from accidental information leakage to more deliberate and orchestrated theft.

"Several of the world’s largest companies have been targeted over recent months by hackers who have grown in sophistication," said Mr Whitmore in a statement released December 13.

"It is now not just a lone hacker sitting in their bedroom but, in many cases, serious organisations backed by nation states who are leading this new phenomenon."

Mr Whitmore noted that organisations need to be aware that data loss incidents reported by the media are likely only the tip of the iceberg and that many other security breaches likely go either undetected or unreported.

"What we see in the media … typically only includes incidents where the breach has entered the public domain. Incidents which involve the loss or theft of commercial data go largely unreported," said Mr Whitmore.

KPMG’s recently released Data Loss Barometer also found "personally identifiable information", for example people's names and credit card details, are the most common target of security breaches around the world, with 46 per cent of reported incidents accounted for this way in 2012.

Password information was found to be the next biggest reason for breaches of security, accounting for a total of 16 per cent of incidents. While that number seems relatively minute, it is worth noting that it is a significant increase from the figure of 5 per cent reported in 2011.

Leave a Reply

Your email address will not be published. Required fields are marked *