The National Cyber Security Centre (NCSC) says state-sponsored cyber attacks on New Zealand organisations are becoming increasingly damaging.
The director of the NCSC, Lisa Fong, said NCSC analysis of incidents shows them having greater impact than in 2018, although the number of attacks was comparable.
“NCSC analysis of these incidents shows … in previous years more state-sponsored incidents were detected at an early phase before the actors were able to cause harm.
“In 2018-19 more incidents were detected at a later (post compromise) stage in the threat cycle, when actors have been able to establish their presence on a network and potentially have an effect on it.”
The NCSC’s findings are detailed in its Cyber Threat Report 2018/19, released last week.
Fong said the NCSC concentrated on potentially high impact events and nationally significant organisations and as such incidents recorded by the NCSC represented a small proportion of the total cyber security incidents impacting New Zealand.
Big savings from NCSC initiatives
NCSC has developed advanced cyber defensive capabilities, known as Cortex designed to counter technically sophisticated foreign-sourced malware that is adequately mitigated by commercially available tools.
Fong said the NCSC estimated Cortex capabilities had saved New Zealand organisations in excess of $27.7m in the 2018-19 year, and $100m since its introduction in 2016.
Malware detection to be extended
NCSC has also developed Malware-Free Networks, a cyber threat detection and disruption service offered to a broad range of New Zealand’s nationally significant organisations.
Fong said NCSC was working with a range of service providers expand it usage.
“In 2020 the NCSC will be offering this cyber threat intelligence to a broad range of customers, either directly or via their ISP,” she said.
According to its webpage, the MFN service was piloted with Vodafone, to trial delivery to a subset of its customers and he pilot “confirmed GCSB was able to provide added benefits and proved provision of this type of cyber threat information could be automated.”