Online cheat reports at record high
Reported cybersecurity incidents have reached a record high, according to Cert NZ’s latest quarterly report.
From July 1 to September 30, the cybersecurity agency received more than 2600 incident reports from individuals and businesses; the highest number to date and a 33 per cent increase on the second quarter. The reported, direct financial loss was at $6.4 million (the average quarterly loss, based on 14 quarters, was $3.6m.)
Attacks circulated by email were among the most commonly reported incidents. In particular, a variation of malicious software, or malware, called Emotet, which is spread through email links or attachments, was responsible for a 34 per cent increase in malware reports on the previous quarter.
In a statement, Cert NZ’s director Rob Pope said the figures weren’t surprising given the recent spate of distributed denial of service (DDoS) attacks, ransomware and online scams.
In September, a wave of cyberattacks exposed worrying vulnerabilities in some of New Zealand’s key institutions. Most notably, for six days, the nation’s stock exchange was laid low by the attacks.
Most of the DDoS attacks were volumetric attacks, meaning they worked by overloading websites with more traffic than they were able to manage.
Pope encouraged New Zealanders to update their operating systems and software, ensure they use long, strong and unique passwords, and install antivirus software.
Of the reported incidents which provided a financial loss value, 13 were over $100,000.
The finance and insurance sector accounted for 60 per cent of reports about incidents affecting organisations.
Holiday season warnings
Security experts are warning shoppers to keep an eye out for holiday season scams.
The Domain Name Commission along with InternetNZ built a fake webshop to help Kiwis spot signs of dodgy e-commerce. The site warns if a discount seems too good to be true then it probably is.
Changes to the Privacy Act
The country’s new Privacy Act comes into effect on December 1, 2020.
Changes include the introduction of a privacy breach notification regime. This means if an organisation experiences a data breach where private information is lost or stolen, and believes the breach could result in serious harm, it’s required to notify the Office of the Privacy Commissioner and affected individuals as soon as possible.