An emerging Wellington-based start-up is responding to the rising tide of cyber threats impacting New Zealand businesses, through the launch of a virtual chief information security officer (vCISO) service.
Designed to deliver protection as cyber crime begins to bite locally, the service is provided by Cyber Toa, a security start-up specialising in risk assessment, incident response, technical services and training.
Founded in 2016, the business already counts the Inland Revenue, the New Zealand Government, the Medical Council of New Zealand, Victoria University of Wellington, Electricity Authority, Flick Electric, Talent and Pacific Radiology as customers.
“All indications are that cyber crime is growing in New Zealand,” Cyber Toa CEO Mandy Simpson said.
According to Simpson, requests for assistance to the National Cyber Security Centre were up 66 per cent in the year to April 2016, with Symantec putting the cost of cyber crime in New Zealand at US$200 million last year.
“Our virtual CISO service will help companies concentrate their resources where they can make the most difference in protecting them against this growing threat,” Simpson explained.
“It’s a growing problem for everyone. A security failure in a New Zealand company or organisation can cause substantial reputational damage and will almost certainly have financial consequences.
“But where a company is handing personal data, it can also have consequences for individuals too. Sensitive personal information can end up in the hands of criminals.”
In offering a wide range of information security services, the vCISO service specifically targets organisations lacking the bandwidth to effectively protect its information and assets.
With a monthly recurring revenue monthly proving the most popular deliver method, the service provides leadership, guidance and mentoring for technical teams, alongside security policy, process, and procedure development.
Through enabling compliance with regulation and best practice guidelines, vCISO helps builds response plans and real-time incident response, coupled with security awareness and training programs and deeper levels of assessment.
“It’s easy for companies to be overwhelmed with the number of things they must do to stay safe,” Simpson added.
“While some companies can afford a full-time CISO to deal with the growing risks, not every organisation has resources at their disposal,” Simpson added. “A virtual CISO allows companies to access our Cyber Toa expertise in a flexible way.
“A virtual CISO can work inside a company helping them to steadily improve their cyber-security stance. What that means is different for every company, but it might include a company-wide risk assessment, developing a response plan if a security breach occurs, or building a security awareness programme for staff.
“And of course, if an incident occurs, a virtual CISO can lead the response, including accessing our specialist team to help. We provide everything required for the virtual CISO to act quickly and protect the company.”
Simpson said the expertise to deal with cyber security incidents can be hard to come by in New Zealand, hence the creation of Cyber Toa.
The business was set-up by Chris Ward, who has over 20 years’ experience in creating and leading incident response teams for the New Zealand Defence Force and before that the UK Ministry of Defence.
In addition, Ward has represented New Zealand as chair of two executive International Cyber committees.
“Our technical team is led by Tony Grasso, with decades of experience in the New Zealand intelligence community, and GCHQ,” Simpson added. “The virtual CISO service gives companies access to expertise that would be very difficult for them to directly employ.”