National Cyber Security Centre says it shielded NZ from $70M of harm in 2020

National Cyber Security Centre says it shielded NZ from $70M of harm in 2020

NCSC reports the COVID pandemic created opportunities for malicious actors targeting critical services

Credit: ID 73611792 © Weerapat Kiatdumrong |

The National Cyber Security Centre (NCSC) says a range of malicious actors are continuing to target significant New Zealand organisations.

Releasing its annual cyber threat report 2020 yesterday, the NCSC, which is part of the GCSB, said throughout the year, state-sponsored and non-state actors have shown their willingness to target New Zealand organisations in all sectors using a range of increasingly advanced tools and techniques.

“A common theme this year, which emerged prior to the COVID-19 pandemic, was the exploitation of known vulnerabilities in internet-facing applications, remote desktop services and virtual private network applications," said the centre's director, Hamish Beaton.

“This means organisations with poor security posture are more likely to become a victim of malicious cyber activity, and are much less likely to detect such activity before harm is caused."

Between 1 July 2019 to 30 June 2020, the NCSC recorded 352 cyber security incidents compared with 339 in the previous year.  Thirty per cent of those were able to be linked to state-sponsored actors.

COVID-19 had created many opportunities for malicious cyber actors to steal data, commit financial crimes, undertake espionage or disrupt the systems of organisations with a pandemic response role, the report said.

"Throughout the COVID-19 pandemic, cyber criminals demonstrated a disregard for threat to life and livelihood.

"Organisations involved in the crisis response were targeted by cyber criminals, who sought to impair the operation of hospitals, and other medical services and facilities. 

"This reinforces the importance of good cyber security practices within any agency or organisation that may be involved in crisis management and the provision of services to the public, as cyber criminals quickly seek to exploit crises for their own financial benefit.

Beaton said the number of incidents recorded by the NCSC represented a small proportion of the total incidents because the agency's focus was on providing support for nationally significant organisations and responses to potentially high impact events.

CERT NZ, which also released its latest quarterly report yesterday, recording 2610 reports from organisations and individuals for the three months to 30 September, 2020.  

The difference in numbers reflected the different perspectives the two organisations have, with CERT NZ focusing on individuals and smaller organisations.

The NCSC's own cyber defence capabilities, dubbed Cortex, also continued to provide significant value, Beaton said

“Our analysis, based on a model which we had independently revalidated in 2019/20, indicates the detection and disruption of malicious cyber activity through the NCSC’s capabilities prevented $70 million in harm to New Zealand’s nationally significant organisations," Beaton said.

“This means that since June 2016, the NCSC has prevented harm from hostile cyber activity by approximately $165 million."

A series of DDoS attacks on the NZX and other New Zealand organisations have been an important focus for the NCSC recently, but occurred outside this reporting period. 

The NCSC continued to build and grow New Zealand’s cyber defence capabilities, most recently through the successful pilot and initial delivery of Malware Free Networks (MFN), a scalable malware detection and disruption service.

“The delivery of MFN demonstrates the successful cooperation between public and private sector organisations and is an important part of the national strategy for increasing New Zealand’s cyber resilience," Beaton said.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cyber crimecyber secuitygcsbNCSC



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments