Navigating the Icebergs of Cyber Risk: A Wake-Up Call from New Zealand's Cyber Attack Surge

The recent surge of cyberattacks on New Zealand businesses, healthcare providers, and government entities serves as a chilling reminder of the unseen 'icebergs' lurking in today's digital landscape. Much like the Titanic disaster, these breaches demonstrate that even the seemingly 'unsinkable' can fall victim to catastrophe, particularly when complacency and lack of foresight take the helm.

In an intelligence report, it was revealed that cyberattacks on New Zealand targets are on the rise, with the government urged to take more aggressive action to safeguard private information. High-profile data breaches, such as those that occurred with Pinnacle Health and Waikato District Health Board in 2022 and 2021 respectively, have thrust the issue into the spotlight. Thousands of individuals had their details stolen, and these attacks only hint at the depth of the 'iceberg'.

The gravity of the situation is further underscored by a Wellington law firm’s recent cyber attack, where clients' information, potentially valuable for financial fraud, was left unencrypted and vulnerable. One affected client’s outcry – “You don’t feel like you can do anything, can you, really? Some criminal in Romania somewhere has got that stuff. Who knows what they’ve got and where it turns up?” – epitomizes the feelings of helplessness that often accompany such incidents.

Even, Latitude, a personal loan company, suffered a major cyber attack where private information on a million New Zealanders was stolen. Astonishingly, some victims have yet to be informed of the breach, further compounding the issue of poor communication and lack of urgency that often accompanies such incidents.

This disturbing trend extends to government agencies too. An ongoing investigation is underway into a cyber attack that affected thousands of coronial and health files, emphasising that not even our most sensitive data is immune to these risks.

These numerous cyber-attacks offer a critical lesson for businesses and organisations: the Titanic wasn't sunk by the visible tip of the iceberg, but by the hidden mass below the waterline. Similarly, the most significant cyber risks are often those that go unnoticed until it's too late. The cost of underestimating these threats can be catastrophic, leading to financial ruin, reputational damage, and severe legal consequences.

How, then, do organisations avoid the tragic fate of the Titanic? By adhering to the following strategies:

1. Education and Awareness: Businesses must ensure that all levels of their organization are not only aware of the threats but are equipped to identify potential 'icebergs' early.

1. Risk Management Planning: Businesses must have robust risk management plans in place. These should include technical measures, business continuity planning, communication strategies, and appropriate insurance coverage.

1. Encryption and Security Measures: As the attacks on the Wellington law firm and Latitude underscore, it's crucial to encrypt and protect sensitive data. As one client put it, encryption is "basic 101."

1. Prompt Communication: In the event of a breach, affected parties must be informed as soon as possible, a lesson that Latitude is learning the hard way.

1. Government Intervention: The government has a role to play in improving cyber security measures and standards, as the recent intelligence report stressed.

Navigating the digital seas filled with lurking 'icebergs' is no easy task, but with careful preparation, vigilance, and a commitment to comprehensive risk management, organisations can avoid the tragic fate of the Titanic and sail confidently into the future. Now is the time for action. The cyber-risk 'iceberg' isn't just a dot on the horizon—it's much closer than you think. If you are stuck at getting started, chat to the experts at Cybercraft who can help you with steering your organisations cyber risk journey.