NZ Incident Response Bulletin July – 2019

Our Views:

A selection of issues relevant to Forensic and Cyber Security matters during the last month. This month’s theme is “NZ Cyber Security Strategy 2019”.

The NZ Cyber Security Strategy 2019 was released on 2 July 2019. The New Zealand Government has set out five priority areas to improve cyber security (2019–2023). We explore several of these in detail and suggest several practical steps you can take.

Cyber security aware and active citizens

Building a culture in which people can operate securely online and know what to do if something goes wrong.

  1. Understand cyber security in the context of your organisation and sector; and educate accordingly. If you handle payments, health information, intellectual property or are a nationally significant organisation, your risk is higher.
  2. There are numerous fit for purpose cyber security awareness tools available to assist organisations build awareness and resilience. Conduct a search online and contact several providers to explore your needs.
  3. Initiate a yearly employee cyber security ‘Warrant of Fitness’ check.
  4. Have a trusted person or organisation on 0800 speed dial for when you need cyber incident response assistance. They will know how to respond and which Government agencies to contact.

Resilient and responsive New Zealand

Ensuring that New Zealand can resist cyber threats and that we have the tools and know-how to protect ourselves.

  1. Adopt a suitable cyber programme such as the National Institute of Standards and Technology Cyber Security Framework (NIST CSF).
  2. Recognise that New Zealand is not immune to the threat of cyber-attack and defend accordingly. Say to yourself, it can happen to us and we may already have been compromised. Undertake a breach assessment check.
  3. Understand your cyber threat landscape by conducting research and share information amongst your employees, third parties and other key stakeholders.  A monthly dashboard is a good starting point.
  4. Be prepared to respond to major cyber incidents. Develop an operational cyber strategy, distribute an incident response plan and conduct regular cyber simulations.

Proactively tackle cyber-crime

Cyber-crime has existed in New Zealand for decades and the incidence of attacks continues to increase exponentially. The New Zealand Government has its role to play, but you will also need to be actively involved in preventing and responding to attacks, both from external and internal threat actors.

There is evidence that proves that the consequences of cyber-crime are becoming more severe. It may be that small actions can prevent the worst crimes, for example, turning on two factor authentication on any cloud service such as email, file drops and the like can prevent millions of dollars’ worth of theft and fraud.

Cyber-criminals pivot, so should you.  Consult with experts who can help you understand and tackle cybercrime.

For readers wishing to receive additional Forensic and Cyber Security information, the Premium Edition of the NZ Incident Response Bulletin is now available to clients who are subscribed to our Incident Response Retainer. The Premium Edition contains recent publications on Threat Alerts, Security Frameworks, Information Security Surveys, Forensic News and Research. Please contact us at support@incidentresponse.co.nz for further information or to request a one-off complimentary copy.

To subscribe or to submit a contribution for an upcoming Bulletin, please either visit https://incidentresponse.co.nz/bulletin or send an email to bulletin@incidentresponse.co.nz with the subject line either “Subscribe”, “Unsubscribe”, or if you think there is something worth reporting, “Contribution”, along with the Webpage or URL in the contents. Access our Privacy Policy.

This Bulletin is prepared for general guidance and does not constitute formal advice. This information should not be relied on without obtaining specific formal advice. We do not make any representation as to the accuracy or completeness of the information contained within this Bulletin. Incident Response Solutions Limited does not accept any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, when relying on the information contained in this Bulletin or for any decision based on it.