Cybersecurity reports hit record highs: CERT NZ

More than 700 cybersecurity incidents have been reported between 1 April and 30 June, according to the latest threat report from CERT NZ.

This is the largest ever volume of cybersecurity incidents to take place in a single quarter.

Phishing reports have also increased significantly this quarter — from 196 in quarter one to 455 in quarter two. This leap in reporting comes from closer collaboration with the financial sector, and has enabled a better picture of the phishing campaigns that constantly target New Zealanders.

“The rising number of reports we are seeing demonstrates the growing level of trust for CERT NZ as a central front door for cybersecurity issues,” said CERT NZ Director Rob Pope.

“But the volume of incident reports is only one aspect of the work we do, and this quarter CERT NZ is pleased to be able to share deeper analysis and categorisation of reported vulnerabilities.”

Vulnerability is a weakness in software, hardware or an online service that can be exploited to damage a system or access information. 69 vulnerability reports were received over quarters one and two of 2018, with 15 handled under the Coordinated Vulnerability Disclosure policy (CVD).

Pope said all organisations should have a plan for vulnerability reports.

“A little careful planning and talking to us ahead of time is likely to make the process much less painful for everyone involved,” he said.

Thanks to the data received through reporting, CERT NZ is also able to drive other key initiatives. For instance, in quarter two, CERT NZ received a report from an online e-commerce store that had repeatedly suffered breaches over the course of a year.

“We were able to help them identify the key areas where their website’s security was falling short and to understand why these weaknesses hadn’t been resolved by their temporary and partial fixes,” said Pope.

“With guidance from our team, they were able to take steps to resolve the weaknesses and keep the attacker out for good.

“It’s information from cases like this that enable us to create data-driven content that helps Kiwis stay resilient to cybersecurity threats. When we saw that New Zealand business websites were experiencing issues, we used this information to create a focused guide for businesses, with key measures they could take to protect themselves.”

The CERT NZ guide to securing business websites is available on the CERT NZ website: www.cert.govt.nz/protect-it.

Image credit: ©kentoh/Dollar Photo Club

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.