Thursday, November 10, 2016
New Zealand needs a cultural shift to keep data safe
New Zealanders need to better understand the risks of prioritising user features over security when it comes to the many
internet-connected devices we use, says a Massey University cybersecurity expert.
Dr Andrew Colarik, a senior lecturer with the Centre for Defence and Security Studies, discussed the many ways in which
our personal, company and national security information can be extracted and used against us at the Massey University
Future NZ Forum on Cyberscurity, held this morning.
Dr Colarik warned that New Zealand hasn’t invested heavily enough in infrastructure to make the country resilient
against denial-of-service attacks, or to keep data safe. The problem, he says, is the infrastructure we have built is
scaled for New Zealand’s population, but that same infrastructure connects us to the rest of the world.
“Everything we do in this country is now so dependent on the free flow of information and the connections that we
maintain. Any disruption to that will have huge, cascading effects,” he says.
“A large denial-of-service attack could shut down communications to the whole country quite easily. If targeted for
competitive or political reasons, there are very few organisations that would be resilient to that sort of attack.”
He says both individuals and organisations need to understand that communications infrastucture, by its nature, is not
secure.
“There are only measures of security,” he says. “The notion that the internet is secure is just salesmanship.”
He asked how many of us really think about the access we give to our information when we download an app or a game like
Pokemon Go!
“Pokemon Go! has the right to take all your pictures, all your contacts, basically everything on your phone and send it
to the mother company. The company that owns it, their net worth increased by billions – how is that possible if the
data isn’t worth something?”
In this digital landscape, New Zealand’s economic livelihood faces real threats, Dr Colarik says. New competitors are
emerging all the time – and some will have the know-how and motivation to extract information for competitive advantage.
“What happens when an organisation’s own information is used against it? Customer details, costing and pricing
structures, and other intellectual properties are all there for the taking if not properly protected.”
But he says this is not just a national security problem for the government to deal with.
“Sure, more investment in infrastructure is helpful, but what we really need is a cultural shift to strike the right
balance between user features and security, and data useage and privacy. You can’t have your cake and eat it too.
“This needs to be done at a whole-of-society level. We all need to take responsibility for the level to which we share
our personal data, and we need more education and greater discussion about who owns and controls our information. A
genuine public/private partnership is essential for ensuring everyone’s prosperity in our digital future.”
After his speech Dr Colarik was joined by a panel of industry experts to discuss the strategic cybersecurity issues
facing New Zealand.
Panelists Ken Wallace, practice leader, technology risk and assurance at Ernst & Young; Kendra Ross, director and co-founder of Duo; and Steve Walsham, executive broker at Crombie Lockwood shared
insights on how to make organisations more resilient to cyber attacks and how to get senior management buy-in for
security expenditure.
They also acknowledged there was a lack of capability in New Zealand for dealing with cybersecurity issues, but
identified it as an opportunity for the future.
“There is a global skills shortage – 1.5 million cybersecurity roles currently unfilled globally,” Ms Ross said. “We
have an ability here to actually build a workforce that we could be exporting in terms of skills and resource
capability.”