NZ Cyber Security Strategy 2019

Cyber security aware and active citizens

Building a culture in which people can operate securely online and know what to do if something goes wrong.

  1. Understand cyber security in the context of your organisation and sector, and educate accordingly. If you handle payments, health information, intellectual property or are a nationally significant organisation, your risk is higher.
  2. There are numerous fit-for-purpose cyber security awareness tools available to help organisations build awareness and resilience. Conduct a search online and contact several providers to explore your needs.
  3. Initiate a yearly employee cyber security ‘Warrant of Fitness’ check.
  4. Have a trusted person or organisation on 0800 speed dial for when you need cyber incident response assistance. They will know how to respond and which Government agencies to contact.

Resilient and responsive New Zealand

Ensuring that New Zealand can resist cyber threats and that we have the tools and know-how to protect ourselves.

  1. Adopt a suitable cyber programme such as the National Institute of Standards and Technology Cyber Security Framework (NIST CSF).
  2. Recognise that New Zealand is not immune to the threat of cyber-attack and defend accordingly. Say to yourself: it can happen to us, and we may already have been compromised. Undertake a breach assessment check.
  3. Understand your cyber threat landscape by conducting research and sharing information amongst your employees, third parties and other key stakeholders. A monthly dashboard is a good starting point.
  4. Be prepared to respond to major cyber incidents. Develop an operational cyber strategy, distribute an incident response plan and conduct regular cyber simulations.

Proactively tackle cyber-crime

Cyber-crime has existed in New Zealand for decades and the incidence of attacks continues to increase exponentially. The New Zealand Government has its role to play, but you will also need to be actively involved in preventing and responding to attacks, both from external and internal threat actors.

Evidence shows that the consequences of cyber-crime are becoming more severe. Small actions may prevent the worst crimes: for example, turning on two-factor authentication on any cloud service, such as email, file drops and the like, can prevent millions of dollars' worth of theft and fraud.

Cyber-criminals pivot; so should you. Consult with experts who can help you understand and tackle cyber-crime; for example:

Year | Threat | Mitigation
2018 | Ransomware | Anti-malware and Backups
2019 | Business Email Compromise | Two-factor authentication and Phishing awareness campaigns
Emerging | Remote Access Compromise | Uninstall any free remote access tools and replace with commercial grade ones, or better still eliminate remote access