NZ attacks again highlight that cyber defence benefits surely outweigh costs

A series of recent cyber attacks reported to have targeted and disrupted the usual operation of the stock exchange in New Zealand (NZX) again highlight the case for proactive investment in cyber defences ahead of cyber incidences occurring or being attempted.

New Zealand’s Government Communications Security Bureau (GCSB) has been called in to help the bourse understand and defend against future attempts to interfere with the normal operations of the exchange, with the latest threat vector of choice being described as a sophisticated and severe distributed denial of service (DDoS) attack.  

Highly concerning is the fact that the latest series of attacks have been described as being among the largest, most well-resourced and sophisticated witnessed in New Zealand, in-line with global trends pointing to better resourced, technically capable, and more determined international threat actors at work.

Beyond the ongoing investigation and tightening of cyber security technologies and protocols, New Zealand should take this opportunity of heightened focus on the issue of cyber security and resilience to build awareness on the real and growing nature of cyber threats, and the proactive actions required to mitigate future incidences.

It is no longer enough to double-down on securing critical infrastructure alone, as it has become patently clear over time that threat actors may also look to exploit available vulnerabilities and then work their way to more sensitive or valuable data via the growing interconnectivity of digital systems and devices.

In the case of New Zealand, companies trading on the stock exchange ought to be required to undertake similar cyber security assessment testing and vetting as is currently being undertaken by the NZX, with the view to incorporating  cyber security threat planning, detection, protection, and recovery protocols as central to their cyber defences. Over time, minimum cyber security standards ought to be established for all registered private and public entities.