When New Zealand first went into lockdown in March 2020, businesses and government departments were immediately forced to think differently.
Remote offices were set up, everything went online, creating an immediate need to store, transport, share and process a larger amount of data – and increase security. It all made for a steep learning curve in the face of a global pandemic and opened up new exposure to cyberattacks.
"In the past 12 months we've seen a real increase in ransomware and distributed denial-of-service (DDoS)cyberattacks targeting the take-down of customer IT assets, flooding them with requests with the sole intent to disrupt business," says Nick Lambert, Senior Vice-President Asia Pacific for Orange Business Solutions.
The New Zealand Stock Exchange and Metservice were both immobilised by cyberattacks last year and new data suggests they're an ongoing and constant threat – with reported cyber incidents up 65 per cent in 2020, with a financial loss of at least $16.9m. In January, the Reserve Bank said it was responding to a data breach of a third party file sharing system it used to share and store sensitive information.
"There's been a real uplift in ransomware attacks, typically 'give me so many bitcoins or I'll expose or delete your data by this time and day'," says Lambert. "Attacks are becoming more sophisticated."
With data a new form of currency, shared across wider, often less-secure home-based networks, businesses that haven't focused on increasing network, IT and cloud security, have become even more exposed.
"Some businesses are dragging their feet. Some view their critical assets not as critically as others. That's a misread, as they are a supply chain to other customers. Security now has to be a part of every discussion," he says.
"The cost of not being digitally resilient can be catastrophic, from losing multi-millions to closing up shop to - worst case scenario - a takeover of an automated hospital machine during surgery or vehicle on the road. That scenario is unthinkable."
But entirely possible. In February, for example, a hacker gained access to the water supply of a city in Florida and tried to pump in a dangerous amount of sodium hydroxide (lye).
Orange Business Services, a network-native digital services company, helps organisations in areas such as software-defined networks, multi-cloud services, Data and AI, IoT, and cybersecurity, and collaborates with customers like the New Zealand government's Computer Emergency Response Team (CERT NZ), the cybersecurity unit for individuals and businesses to report threats and receive support and advice.
"Our work with CERT NZ is absolutely critical in terms of the exchange of global threat intelligence," says Lambert. "We share information both ways and make community-based intelligence decisions.
"We have these relationships with CERTs all over the world and it means we can get a more holistic perspective on what threats are currently active. We can help identify a problem, interrupt and remediate before it becomes a problem.
"Covid-19 has taught us to be more sharing and caring, which is good for all."
Among other things, Orange Business Services provides companies with innovative digital services, like Automated Threat Intelligence, a system which helps to identify a threat faster.
"There's a lot more machine learning in the cybersecurity space these days, our Automated Threat Intelligence can be done faster than having people looking through data for irregular patterns."
Lambert says because there has been a large uptake in increased cloud security, and data protection, many businesses are now less immobilised when an attack occurs.
"There's not necessarily a stop of business now - more let's isolate the attack but keep the business going. That suggests to me there's a bit of IT maturity in NZ…Covid-19 has drawn attention to security for many companies."
As New Zealand businesses continue to recalibrate and become familiar with operating in the new post-Covid world, Lambert says such businesses must not get complacent around improving digital resilience. It is, he says, critical to business growth, safety and in maintaining a competitive advantage.
"We're beginning to see, post-Covid, a back to normal – a stabilising of sorts. Operations for customers are beginning to stabilise, people have worked out the way they do IT business.
"Two things we're seeing: the majority of our customers are planning permanent remote access working from home and there's a very strong push for cloud storage solutions – because the more you distribute your environment, the more risks you have.
"Our experienced team can assess current network maturity, identify potential risks and choose the right option for connectivity. We can help businesses get safely connected anytime, anywhere with centralised end-to-end visibility and control over connectivity on a global basis.
"Business leaders now expect their systems to be available, working and secure. Its time now that all organisations transform themselves with 'digital-first' thinking to be resilient and future proof."