Scoop has an Ethical Paywall
Licence needed for work use Learn More

Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

Communications Essential In Cybersecurity Crisis - Expert


MEDIA RELEASE
For immediate release
28 November, 2017


Communications Essential In Cybersecurity Crisis, Says Expert

Business leaders are not taking cyber security seriously enough, said internationally renowned cyber security expert Dr Ryan Ko, and that poses a significant risk to their companies’ reputations.

“Communications is a much neglected aspect of responding to cyber security incidents,” said Dr Ko, speaking at business learning lunch event in Hamilton. “The spread of information is so fast, and reputations are very hard to get back when lost.”

Dr Ko, director of the NZ Institute for Security and Crime Science, was speaking at CRUNCH – Crucial Conversations Over Lunch, organised by Hamilton public relations firm HMC Communications. During the workshop Dr Ko described the current state of cybercrime in New Zealand and, together with the HMC team, led business leaders in a cyberattack scenario.

This week marks Cyber Smart Week in New Zealand, where people are encouraged to review and strengthen their cyber security systems at home and work.

Dr Ko said that the size of cybercrime internationally was larger than drug trafficking, according to a Norton Cybercrime Report. “It was reported that, globally, cybercrime cost $388 billion which was larger than the cost of drug trafficking at $288 billion,” said Dr Ko. “Every half-second a unique malware or virus is created somewhere in the world. Cybersecurity is a serious concern for companies, and New Zealand business leaders need to do more to protect their company and their customers.”

Advertisement - scroll to continue reading

Dr Ko said that there was a global trend with businesses and boards of directors being held liable for cybersecurity incidents. “The public perception is that businesses and boards should take responsibility for personal information, and that means cyber-attacks have legal implications for directors,” said Dr Ko. “It’s not a matter of ‘if’ it will happen, but when, and directors may be facing liability.”

Dr Ko cited the example of Target, a well-known US discount retailer, who was affected by a cybersecurity attack in 2013. Hackers stole credit and debit card information from up to 40 million customers which revealed the company’s weak cybersecurity measures and ended up costing the retailer millions of dollars.

Another case was the Wyndham Worldwide Corporation, a US hotel chain that was sued in 2012 for breaching customer’s confidential information when credit card details were hacked and posted to a Russian website.

Dr Ko said that New Zealand companies are at risk of cyber-attack, and more than half – 56 per cent – of New Zealand companies claimed to have a cyber-attack at least once a year (in 2014).

The five top threats to New Zealand companies, identified by Dr Ko and his research team, included ransomware, distribute denial of service (DDoS), social engineering, hijacking unpatched platforms and obsolete communications, cyber forces and weaponry.

“Many think it will not affect them, especially small to medium businesses, but they are not immune,” said Dr Ko.

As with any crisis, cybercrime affects a company’s reputation, said HMC Communications director Heather Claycomb. “We know that a company’s reputation is one of their organisation’s primary assets,” said Claycomb. “Reputation is harder to manage than any other risk, and those risks are increasing.”

She said that it was important for businesses to include communications planning when preparing for potential cybercrime situations.  “Cybercrime is a major risk to New Zealand organisations.  And just like any other major business crisis, you can take back some control in a seemingly uncontrollable situation when you do two things: plan and practise.  It’s not enough to have a solid cyber security strategy – you also need a robust crisis communications plan as part of your risk mitigation.”

Participants left with a better understanding of cybersecurity risks and how they might affect their business. They also received useful information and referrals to resources to help get them better prepared and more successfully communicate during a cyberattack crisis.

“I think we are quite naïve in New Zealand around risk,” said Campbell Parker, general manager of Waikato Milking Systems. “You see it in fraud cases, and it’s true when it comes to cybersecurity also.”

He said that large organisations often had robust systems, policies and procedures in place but smaller firms were vulnerable, especially those reliant on external providers. “When you think that 97 per cent of New Zealand companies are SMEs (small-to-medium enterprises) with less than 20 employees, then there is a risk to them.”

Tag IT managing director Josh White said he learnt a lot from the presentation and it highlighted areas to focus on. “We’ll be reviewing systems and strategies,” said White.

Myles Imperial, managing director of Workhub Services said cybersecurity is a topic that all business people should brush up on. “We are in a computer age and you have to have a plan if something happens online. This is a session that should be done by all business leaders,” said Imperial.

Habitat for Humanity general manager for the central North Island, Nic Greene, said protecting data and privacy was integral to his organisation. “We trade on our reputation as a charity.”

He also valued the opportunity to discuss the topic with other business leaders, and consider the management and communications response to cybercrime. “Also, Ryan Ko is a bit of a legend,” said Greene.

SIDEBAR:

ARE YOU PREPARED FOR A CYBER ATTACK? Things for business leaders to consider

What is your board of directors doing to address the risk of a cyber-attack to your business or organisation?
Have cyber security policies been reviewed (and do they even exist)?
Are there policies around external contractors?
Does the business or organisation have cyber insurance?
Is there a chief information security officer in the company?
What would you do in the event of a cyber-attack, operationally and with your communications (internally and externally, including stakeholders and media)?

-ENDS-

ABOUT CRUNCH SEMINARS
Today’s seminar was the first in a series organised by HMC Communications, Hamilton’s leading public relations agency. CRUNCH – Crucial Conversations Over Lunch – has been designed to bring senior business leaders together to tackle topics that matter to them, no matter what industry they operate in. In particular, the 90-minute sessions help leaders navigate the pressures they face from outside sources and how that can impact reputation.

Dr Ko and the HMC Communications team led participants through a cyberattack scenario in small groups. The fictional scenario, based on real life events, got participants talking about what they would do in the immediate minutes and hours after a cyber-attack to their company, looking at both the operational and communications response to the crisis.

For more information on the next CRUNCH event, please contact HMC Communications’ director Heather Claycomb on heather@hmc-communications.co.nz or phone 07 444 5016.

For more on HMC Communications see www.hmc-communications.co.nz


ABOUT DR RYAN KO
Dr Ryan Ko is an Associate Professor in Computer Science from University of Waikato. He established New Zealand’s first cybersecurity graduate programme and lab in 2012 (https://crow.org.nz) and is director of the NZ Institute for Security and Crime Science.

Dr Ko is world-renowned in his field and is an advisor to major international organisations, including Interpol and the United Nations. He also consults to New Zealand government agencies including New Zealand Police, the Defence Force, Ministry of Justice and the Department of the Prime Minister and Cabinet. He is an international faculty member with the National Information Assurance Training and Education Center (NIATEC) at Idaho State University.

Prior to his academic career, he was a lead computer scientist with Hewlett-Packard Labs – some of his inventions are now used in security monitoring tools used by government agencies around the world.


ABOUT CYBER WEEK
Cyber Smart Week runs from November 27 to December 1 in New Zealand. Stepping up your cyber defence, at home and at work, is easier than you think. Four easy steps include: changing your password, turning on the two-factor authentication (a password and a code), updating your operating system and checking privacy settings. For more information on Cyber Smart Week see here: https://www.cert.govt.nz/cybersmart/

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.