New Zealanders have lost more than $1.9 million to cyber security issues during the past nine months, as breaches continue to impact local individuals and businesses.
Specifically, $1.1 million was scammed during the third quarter of 2017, bringing the total financial loss to $1.9 million since the launch of CERT NZ in April.
Launched nine months ago, CERT NZ takes reports from all Kiwis about how they have been affected by cyber security, with plans in place to assist in recovery strategies.
“The reports we received in the quarter to 30 September show that our relative geographic isolation is no barrier to being affected by these threats,” CERT NZ director Rob Pope said.
Between 1 July and 30 September, CERT NZ received 390 incident reports of which the vast majority, 297, were responded to by the organisation.
During this period, Pope said CERT NZ has seen an increase in targeted invoice scams affecting both individuals and businesses around New Zealand.
“As we noted in our previous report, targeted attacks are on the rise,” he explained. “In this quarter we’ve seen an increase in invoice scams impacting New Zealand businesses through a range of means.
“We’ve also seen a marked decrease in ransomware reports following the global ransomware attacks that we saw earlier this year, with these reports dropping by over 50 per cent.”
As a result, Pope encouraged all Kiwis affected by cyber security issues to report such incidents to CERT NZ.
“Our team is here to help people who have been affected by cyber security issues by giving them advice and assistance on how to avoid and overcome them,” he added.
“The more reports we receive, the more information we can share with New Zealanders to help them protect themselves.”
The rise in cyber crime across the country follows news that worldwide enterprise security spending will total US$96.3 billion in 2018, representing an increase of eight per cent from 2017.
According to Gartner research, organisations are spending more on security as a result of regulations, shifting buyer mindset, awareness of emerging threats and the evolution to a digital business strategy.
“Overall, a large portion of security spending is driven by an organisation's reaction toward security breaches as more high profile cyberattacks and data breaches affect organisations worldwide,” Gartner research director Ruggero Contu observed.
“Cyber attacks such as WannaCry and NotPetya, and most recently the Equifax breach, have a direct effect on security spend, because these types of attacks last up to three years.”
As outlined by Contu, this is validated by Gartner's 2016 security buying behaviour survey.
Of the 53 per cent of organisations that cited security risks as the no.1 driver for overall security spending, the highest percentage of respondents said that a security breach is the main security risk influencing their security spending.
Consequently, and of note to the channel, security testing, IT outsourcing and security information and event management (SIEM) will be among the fastest-growing security subsegments driving growth in the infrastructure protection and security services segments.
In addition, Gartner forecasts that by 2020, more than 60 per cent of organisations will invest in multiple data security tools such as data loss prevention, encryption and data-centric audit and protections tools, up from approximately 35 per cent today.
Skills shortages, technical complexity and the threat landscape will continue to drive the move to automation and outsourcing.
“Skill sets are scarce and therefore remain at a premium, leading organisations to seek external help from security consultants, managed security service providers and outsourcers,” Contu added.
“In 2018, spending on security outsourcing services will total $18.5 billion, an 11 per cent increase from 2017. The IT outsourcing segment is the second-largest security spending segment after consulting.”
By 2019, Gartner predicts that total enterprise spending on security outsourcing services will be 75 per cent of the spending on security software and hardware products, up from 63 per cent in 2016.
Contu said enterprise security budgets are also shifting towards detection and response, and this trend will drive security market growth during the next five years.
“This increased focus on detection and response to security incidents has enabled technologies such as endpoint detection and response, and user entity and behaviour analytics to disrupt traditional markets such as endpoint protection platforms and SIEM,” Contu added.