https://community.isc2.org/t5/Governance-Risk-Compliance/More-investment-needed-in-CyberSecurity/m-p/60866#M911 <P>For many years&nbsp;New Zealand has believed it is shielded from main security and privacy issues because it isn't the subject of mandatory reporting i.e. legislation.</P><P>Some protection is provided in business for external threats but not for a high degree of security.</P><P>This continues to undermine the efforts of the security team to ensure cohesive and effective security controls.</P><P>Small business are investing but in a way that suggests they underestimate the issues around CyberSecurity as in this report from 2020.</P><P><A href="https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&amp;objectid=12363068" target="_blank" rel="nofollow noopener noreferrer">https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&amp;objectid=12363068</A></P><P>&nbsp;</P><P>Fast forward to 2023 and the same issues exist with a threat of Security staffing being reduced due to financial pressures post Covid.&nbsp; Many small businesses share a security manager and rely on outsourced IT operations which may not even reside in New Zealand.</P><P>More investment is being made but there are only a finite number of experienced security professionals in the country and some are likely to migrate to better employment in e.g. Australia.</P><P>Also compliance with required legislation in the country and binding financial requirements such as PCIDSS are still not being met despite having been established since 2004.</P><P>&nbsp;</P><P><A href="https://securitybrief.co.nz/story/more-action-needed-to-plug-critical-gaps-in-cybersecurity" target="_blank">https://securitybrief.co.nz/story/more-action-needed-to-plug-critical-gaps-in-cybersecurity</A></P> Mon, 09 Oct 2023 10:38:15 GMT linzeeb 2023-10-09T10:38:15Z https://community.isc2.org/t5/Governance-Risk-Compliance/More-investment-needed-in-CyberSecurity/m-p/60866#M911 <P>For many years&nbsp;New Zealand has believed it is shielded from main security and privacy issues because it isn't the subject of mandatory reporting i.e. legislation.</P><P>Some protection is provided in business for external threats but not for a high degree of security.</P><P>This continues to undermine the efforts of the security team to ensure cohesive and effective security controls.</P><P>Small business are investing but in a way that suggests they underestimate the issues around CyberSecurity as in this report from 2020.</P><P><A href="https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&amp;objectid=12363068" target="_blank" rel="nofollow noopener noreferrer">https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&amp;objectid=12363068</A></P><P>&nbsp;</P><P>Fast forward to 2023 and the same issues exist with a threat of Security staffing being reduced due to financial pressures post Covid.&nbsp; Many small businesses share a security manager and rely on outsourced IT operations which may not even reside in New Zealand.</P><P>More investment is being made but there are only a finite number of experienced security professionals in the country and some are likely to migrate to better employment in e.g. Australia.</P><P>Also compliance with required legislation in the country and binding financial requirements such as PCIDSS are still not being met despite having been established since 2004.</P><P>&nbsp;</P><P><A href="https://securitybrief.co.nz/story/more-action-needed-to-plug-critical-gaps-in-cybersecurity" target="_blank">https://securitybrief.co.nz/story/more-action-needed-to-plug-critical-gaps-in-cybersecurity</A></P> Mon, 09 Oct 2023 10:38:15 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/More-investment-needed-in-CyberSecurity/m-p/60866#M911 linzeeb 2023-10-09T10:38:15Z