New Zealanders’ concern about hacking and viruses has declined in the last year, from 48 per cent of the population being 'seriously concerned' in 2019, down to 40 per cent this year, according to new research by Unisys.
The data, drawn from the 2020 Unisys Security Index, shows that New Zealanders are aware of, but not concerned about, cyber attacks while working from home during the COVID-19 pandemic.
The latest snapshot of consumer security concerns by the IT services firm showed that during the pandemic, only 22 per cent of Kiwis were concerned about the risk of a security breach while working remotely.
At the same time, just 26 per cent were concerned about the risk of being scammed, leaving them – and their employers – vulnerable to cyberattacks including scams, phishing and ransomware.
Meanwhile New Zealanders’ concern for the underlying cybersecurity issues that facilitate fraud and cyber crime has also decreased, with 40 per cent of New Zealanders concerned about computer virus and hacking, down from 48 per cent in 2019.
By contrast, the research found that 55 per cent of New Zealanders were concerned about the country’s economic stability, 41 per cent about their own financial security and 34 per cent about their job security during the pandemic.
According to Unisys Asia Pacific vice president and commercial and financial services sector lead Andrew Whelan, it is important for businesses and individuals to remain vigilant in the current climate, despite waning concern for the risks.
“New Zealanders appear to be distracted by their higher concern of national infrastructure and family well-being during the pandemic,” Whelan said. “This is a critical issue for organisations that underwent a rapid transformation to move to work from home models as it appears employees likely assume that their employer is taking care of securing data and systems.
“Yet for many organisations, the initial priority was to simply get people working remotely and their security measures have not yet caught up with the wider attack base this created. People remain one of the top points of vulnerability – especially as attackers use high interest in COVID-19 to trick people into clicking on links or giving information which can launch ransomware and other malicious software.
“Employers need their people to remain vigilant,” he added.
According to Whelan, organisations using cloud-based services had the greatest flexibility to move to work from home models quickly, but for others it was a big change technologically and culturally.
People are the weakest link in security, Whelan noted, with shadow IT growing with every unauthorised app downloaded; these might not be covered by the security rigour deployed across the rest of the organisation.
“Employers should ensure their people...have secure direct access to applications…are trained to identify and avoid malicious scams and phishing attacks designed to exploit the fears and distractions created by the pandemic, and...can quickly isolate devices or parts of the network to minimise the extent of a breach – because breaches are inevitable,” he said.
How NZ compares to the rest of the world
The report is based on national surveys of representative samples of 15,699 adult residents from 18-64 years of age, with interviews conducted online in each of the 15 countries studied. All national surveys were conducted from 16 March to 5 April 2020.
The global report showed that New Zealanders ranked close to the bottom of Unisys’ list, in terms of concern, with the UK, Belgium, France and Australia ranking above the country, along with several developing nations.
Globally, concern about disasters and epidemics has, unsurprisingly, jumped into the top three areas of concern, with 62 per cent seriously concerned.
Meanwhile, personal safety has seen the largest increase, rising nine percentage points to 58 per cent ‘seriously concerned’. Concern about all six other security risks has fallen, including those relating to internet security, hacking and (computer) viruses and online shopping.
“This reflects a false sense of security, given that the risks are now higher, in light of COVID-19, than ever before,” the report stated.
Unfortunately, this comes as reliance on the internet increases dramatically as work becomes a remote, distributed affair. Yet, only 41 per cent of respondents said they were seriously concerned about the risk of a data or security breach while working remotely, which was the lowest of all the concerns measured globally.
Moreover, only 45 per cent of respondents said they were concerned about the risk of being scammed during or about a health crisis.
“This is worrying given that the vast majority of cyber attacks – 98 per cent, by some estimates – deploy social engineering methods (such as phishing), with the WHO [World Health Organisation] reporting a five-fold increase in attacks since the start of the pandemic,” the report said.
It should be noted that this year’s survey was conducted during the outbreak of a pandemic, during which consumers faced heightened concern for the health and safety of loved ones as well as dealing with the possibility of losing employment and the impact of the pandemic on the economy.
“Given this dynamic, it is no surprise to see consumer concerns rising in terms of national and personal security,” the report stated. “However, with more people than ever working and shopping from home – and sharing their financial details with online retailers around the world – it is both surprising and worrying to see that consumer concerns about financial and internet security are decreasing.”
Unisys chief trust officer Tom Patterson asserted that, “workers from home need to understand that they are now part of this new expanded attack surface for the critical infrastructure of their entire country.”
At the same time, companies need to make it easier for their employees to be secure when connecting from home, and that means more use of zero trust processes and technology, including always-on encrypted direct access, identity verification tools and a software-defined perimeter to limit the damage from malware getting in, the Unisys report suggested.