Cybercrime pays off when Kiwi businesses targeted

New independent research commissioned by Aura Information Security paints a stark picture of the cyber security battle New Zealand businesses are facing.

• More than half of businesses have been successfully targeted by a ransomware attack in the past year, with one in five businesses saying the attack caused serious disruption to operations.
• One in five businesses estimate their organisation is affected by 16 or more ransomware attacks per quarter.
• Two thirds of businesses admit they would pay a ransom to retrieve data after a ransomware attack. One in ten businesses would be willing to pay $50,000 or more.
• A third of businesses saw an increase in cyber-attacks during the Alert Level 4 lockdown. Two in five businesses say they have been targeted by a Covid-19 themed phishing attack.
• Half of IT decision makers don’t know about the Privacy Act amendment, despite it coming into law December 1 this year.

The rise of ransomware

New Zealand has a growing problem with ransomware attacks. The number of IT decision makers who estimate their organisation is affected by 16 or more ransomware attacks per quarter has doubled over the past 12 months[1]. In today’s business environment, one in five Kiwi companies say they’re are fighting off more than 60 ransomware attempts per year.

Aura General Manager, Peter Bailey (pictured), says these numbers are alarming but it could get even worse.

“The research shows more than half[2] of New Zealand businesses have been successfully targeted by a ransomware attack in the last 12 months. Not only that, but one in five hacked businesses say it caused serious disruption to their operations.

“Unfortunately, this is just the tip of the iceberg. Over the past year we’ve not only seen New Zealand businesses get pummelled by ransomware, we’ve also seen a big resurgence in distributed denial-of-service attacks (DDoS).

“While there’s a general belief that much of the cybercriminal world is still focused on the United States, there’s nothing stopping these hackers from shifting their focus towards New Zealand and, quite frankly, most of our businesses aren’t prepared,” says Bailey.

The official advice from the New Zealand Government is to not pay ransoms demanded by cybercriminals. Despite this, two thirds[3] of businesses admit they would pay a ransom to retrieve data after a ransomware attack. One in ten businesses would be willing to pay $50,000 or more.

“It’s a grim reality for businesses trying to decide what to do when their data is being held ransom. Not only is data locked down and out of reach, but systems can be offline as well, meaning critical business actions can’t take place. Sometimes the best option seems to be paying the ransom, but many businesses pay up and still never see their data again.

“The best approach is to prepare your business so you’re unlikely to ever face a ransom situation in the first place.”

Covid-19 cyber-attacks

Unsurprisingly, Kiwi businesses saw a surge[4] in cyber-attacks during the Alert Level 4 lockdown. Two in five[5] businesses say they’ve been targeted by a Covid-19 themed phishing attack.

“There was a lot of information going around when the Covid-19 outbreak first happened. People were looking for advice and hackers were able to ride that wave by mimicking reliable communications channels to trip people up. This is a common technique for cybercriminals, and it was also used to carry out many attacks when both the Christchurch earthquakes and mosque attacks occurred.

“The fact many of us were working from home and away from our typical work environment during lockdown meant regular office software protections were no longer in place. No matter when and where you’re working, it’s vital you pay attention to email senders and any attachments to ensure they’re legitimate.”

It’s only getting worse

Year-on-year, the number of IT decision makers that expect their organisation to be targeted by a cyber-attack is rising.

In 2018 it was 27 percent, in 2019 it was 42 percent, and this year more than half[6] of businesses expect to be hit by a cyber-attack over the coming year. In larger (those with 300 or more internet-connected devices) Kiwi organisations that skyrockets again to 69 percent.

Bailey notes that businesses must always be vigilant online and urges people to stop thinking it won’t happen to them.

“All New Zealanders need to remember that everyone is a target. Whether a big or small business, ransoms are adjusted to increase the likelihood of the hacker getting paid.

“Experiencing a hack also isn’t just about financial loss and system compromise. Business reputation can also be hugely impacted which is often more important than any financial burden. If your customers can’t trust you to keep their data safe, they’re going to go elsewhere.”