20% of NZ cybersecurity incidents relate to cloud platforms - Kordia

Over a third (36%) of large New Zealand businesses have had operations disrupted by cyber attacks, with 20% of them relating to cloud platforms, according to state own communications infrastructure and IT services company Kordia.

A new study commissioned by Kordia and undertaken by marketing intelligence company Perceptive suggests that while cloud platforms benefit from in-vuilt security systems offered by the likes of AWS and Microsoft and private cloud vendors, cloud misconfigurations and vulnerabilities pose a considerable threat to businesses migrating to the cloud.

A new study commissioned by Kordia and undertaken by marketing intelligence company Perceptive suggests that while cloud platforms benefit from in-built security systems offered by the likes of AWS and Microsoft and private cloud vendors, cloud misconfigurations and vulnerabilities pose a considerable threat to businesses migrating to the cloud.

“The cloud is proving a bountiful hunting ground for threat actors,” Kordia points out in its report.

“Research by Sysdig has found that attackers targeting the cloud are building tools that automate the scanning, finding, and exploiting of the target in the attack, and then accessing systems via leaked credentials and common vulnerabilities. Attacks on cloud-based networks per organisation increased by 48% between 2021 and 2022, according to data from Check Point,” it adds.

Cybercriminals are financially motivated, says Alastair Miller, Principal Consultant at Aura Information Security, Kordia’s cybersecurity advisory and testing consultancy, which is why there’s a trend towards operational downtime over simply stealing and encrypting data, often via ransomware attacks, and demanding payment to unencrypt it.

“It’s much harder for organisations to ignore an attack when they can’t function for a period of time. The motivation to pay a ransom is greatly increased when you can’t generate an operational income,” he says.

Key findings:

- One in three (36%) businesses impacted by cyber-attacks or incidents say their business operations were disrupted

- 28% of businesses impacted by a cyber-attack or incident point to third-party suppliers as the cause

- 70% of business leaders say they would consider paying a ransom to a cybercriminal

-  Cloud misconfigurations or software vulnerabilities were responsible for causing cyber incidents for almost two out of five (39%) businesses

- Around 46% of cyber incidents and attacks took longer than one month to resolve 29% of businesses suffering a cyber incident say personal data was stolen or accessed.

Cloud-related attacks formed the largest category of incidents according to survey respondents, which included 216 leaders of New Zealand businesses with 100 “seats” or more.

Cloud misconfiguration or vulnerabilities accounted for 39% of cloud-related cyber incidents. That was an 11 percentage point rise on the previous year, with distributed denial of service (DDoS) attacks coming in second (35%).

“With a very low barrier to use, DDoS has also been observed as a tactic used in conjunction with other methods, leveraged by threat actors to mask other attacks occurring concurrently,” says Miller.

“Phishing continues to remain in focus, whilst supply chain attacks came to the fore for New Zealanders, with third-party attacks featuring in more than a quarter (28%) of all incidents.”

While one-third of survey respondents want to see the Government invest more in cybersecurity at a national level, they also echo the Privacy Commissioner’s comments at a cybersecurity conference in Wellington last week, that the penalties for cyber breaches aren’t strong enough.

New Zealand’s current privacy laws only punish failure to report a breach and that caps penalties at NZD$10,000, significantly more restricted and lower than legislation in other five eyes nations,” says Miller.

“Australia has made notable changes to cyber security governance, through a slew of legislative changes including harsher privacy law penalties of up to $50 million and mandatory reporting requirements for ransomware attacks. A notable number of respondents have indicated they would be supportive of similar initiatives in New Zealand.”

Cybersecurity upgrade - Kordia’s five focus areas for businesses in 2024:

1. Plan for recovery as part of your response.

Operational downtime can hurt a business more than the initial cyber-attack.

Effectively recovering your businesses as rapidly as possible after a major cyberattack depends on a properly deployed backup and restore regime. Any solution should include encryption, along with the combination of full, incremental, and differential backups.

2. Security should go hand in hand with a cloud transformation strategy

There are lingering perceptions that the cloud is more secure than more traditional on-premises systems. While there are certainly benefits that can be leveraged from the cloud, without the right security layers, businesses are just as exposed.

The best way to ward against misconfigurations and security gaps in cloud environments is to implement an get security requirements into cloud projects early, that sets out how security is factored into your cloud environment, and ensure it evolves as your platforms do.

3. Rationalise spending via risk-based planning

Assessing how to invest appropriately in security can be challenging – especially in the face of rising costs and tough economic conditions. As organisations expand their digital operations, a risk-based approach can help rationalise spend and set strategic objectives to ensure security needs are being addressed.

Understanding your risks will help determine areas of focus, providing a starting point to building out a holistic security programme. Ongoing measurement of the effectiveness of your strategic roadmap will determine whether your organisation is focusing on the right areas.

4. Factor people into your cyber strategy

Human error accounts for many cyber security incidents and data breaches, there’s a great need for better awareness and adoption of security behaviours across all facets of organisations. Business leaders need to champion a culture change within the organisation, that sees all employees adopting a mindset shift.

5. Elevate cyber security to the board

With increasing impacts and a significant number of businesses confirming that they are being compromised by cyber incidents, it is imperative that board members take cyber defences seriously.