New Zealand cybersecurity – what’s coming in 2022
Trends, predictions and a few warnings
While we don’t pretend to have a crystal ball, our team is immersed in the world of email cybersecurity – they see the pressures, the increases and the legislative and business shifts that can have a real impact on their clients. So we gathered those brains to hear their predictions for 2022. There’s some good news, some surprising shifts and a fair few warnings. Here’s what to expect this year.
1. Cybersecurity breaches will make headlines
Cybercrime is big business – it’s sophisticated, organised and relentless. The market, if you can call it that, has also significantly increased since the start of the pandemic – last year, a data breach cost $4.2m on average, up from $3.8m in 2020, continuing a year-on-year increase of 15%. Whole industries, secondary markets and supply chains have sprung up around finding and selling harvested credentials and access to exploited systems. People specialise in different roles and functions, just as in legitimate industries. Eventually, something will get through.
2. Legislative changes will make cybersecurity a board priority
The new Privacy Act 2020 has some key additions that will put cybersecurity squarely on the agenda at board meetings. The Act came into effect last December and now makes it compulsory for an organisation to notify the Privacy Commissioner of a data breach involving personal information. It’s also added new criminal offences and fines for managers and directors found to have been negligent in protecting personal information – including how any third-party providers are handling data. That puts some teeth behind the issue – IT managers will find they’re not the only ones worrying about cybersecurity anymore.
3. Shift to more data being stored on-shore
The new Privacy Act also stipulates rules around data sovereignty – personal data can only be stored outside of the country if the privacy landscape in the host country is just as robust as New Zealand’s. Since few international data centres even mention NZ legislation, organisations will have to carefully review the security setup of each host country and data centre against local requirements – a potentially arduous process. Luckily, multiple large data centres soon going live in New Zealand will offer a simple solution – keep the data here. This will also come with some other benefits including easier oversight, less likelihood of outages, a potential price drop and lower latency times.
4. More New Zealand-targeted attacks are coming
5. People are the real targets
While BEC (business email compromise), C-suite and phishing attacks impersonate well-known organisations, it’s worth remembering that their ultimate goal is to get money out of people. This wasn’t always the case. Spam targeting individuals was once fairly low level. In the last five years, it’s become big business. Now, social engineering (aka digital cons) and privilege abuse (where a user’s access privileges are exploited) are the two biggest threats to organisations today. Cyberattacks exploit bugs in software to get to people, of course, but the real vulnerability is human fallibility. We click links in malicious emails, transfer funds to illegitimate bank accounts or leave personal information and credentials unprotected.