The latest threat report released by CERT NZ today shows over 700 cyber security incidents were reported from 1 April to 30 June - the largest
ever volume for a single quarter – cementing CERT NZ’s role as a central coordinator in New Zealand.
Phishing reports are also up significantly this quarter; from 196 in quarter one, to 455 in quarter two. This leap in
reporting comes from closer collaboration with the financial sector, and has enabled us to get a better picture of the
phishing campaigns that constantly target New Zealanders.
“The rising number of reports we are seeing demonstrates the growing level of trust for CERT NZ as a central front door
for cyber security issues,” says CERT NZ Director Rob Pope. “But the volume of incident reports is only one aspect of
the work we do, and this quarter CERT NZ is pleased to be able to share deeper analysis and categorisation of reported
vulnerabilities.”
A vulnerability is a weaknesses in software, hardware or an online service that can be exploited to damage a system or
access information. 69 vulnerability reports were received over quarter one and two of 2018, with 15 handled under our
Coordinated Vulnerability Disclosure policy (CVD).
Mr Pope encourages all organisations to have a plan for vulnerability reports, “A little careful planning and talking to
us ahead of time is likely to make the process much less painful for everyone involved.”
CERT NZ values working with people and organisations at all levels of the cyber security ecosystem within New Zealand,
and thanks to the data received through reporting, CERT NZ is able to drive other key initiatives. For instance, in
quarter two, CERT NZ received a report from an online e-commerce store that had repeatedly suffered breaches over the
course of a year.
“We were able to help them identify the key areas where their website’s security was falling short and to understand why
these weaknesses hadn’t been resolved by their temporary and partial fixes,” says Mr Pope. “With guidance from our team,
they were able to take steps to resolve the weaknesses and keep the attacker out for good.
“It’s information from cases like this that enable us to create data-driven content that helps Kiwis stay resilient to
cyber security threats. When we saw that New Zealand business websites were experiencing issues, we used this
information to create a focused guide for businesses, with key measures they could take to protect themselves.”
The CERT NZ guide to securing business websites is available on the CERT NZ website: www.cert.govt.nz/protect-it.
For more insights into what CERT NZ has seen in the New Zealand threat landscape in quarter two 2018, see the CERT NZ
Quarterly Report [link]. If you or your organisation experiences a cyber security issue report it to CERT NZ at www.cert.govt.nz