Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Newcomer II

Business investment in CyberSecurity

Key infrastructure business in New Zealand e.g. transportation are being shown to be acting like small business and investing in a way that suggests they underestimate the issues around CyberSecurity.

Whilst seeing the international incidents New Zealand is shielded from the main security and privacy issues because it isn't the subject of mandatory reporting i.e. legislation.

Some protection is provided in business for external threats but not for internal issues such as employee pornography and internal data breaches through mistakes\bad application coding and implementations.

This continues to undermine the efforts of the security team to provide a cohesive and effective set of security controls.

For example most new Zealand businesses have no Security monitoring which is essential for any kind of incident management capability. Also the team that manages security incidents are not staffed or organised to drive through effective incident process when a major incident occurs.



3 Replies
Community Champion

@linzeebThank you for your contribution.  I agree with the comments - however, as I recently experienced doing a live studio session with CertNZ - I was accused of being a sales person, when in reality I was telling what the global picture is from the Cost of Data Breaches report from ourselves.  Yes, we curate 1.7 Terabytes of intelligence data - so what says the New Zealand organisations - what effect does it have on us?


We state use an Inside out perspectives - change the culture and concentrate on where the data is located and who has access to it.


We just turn around and apply the traditional security approach, outside in perspective - we never learn but throw more resources, no wonder there is a projected 1.8 million shortage in cybersecurity personnel.


Everyone within an organisation is an element contributing or causing cyber security issues i.e. Insider Threats; there is plenty of people, if we get them fully motivated.   A company exists because of the employees and with good leadership it can succeed, but as they increasingly accept the 50 Billion dollar in debut river at the current time, we are not prepared for the next issue - so the DDoS attacks are a wake up.  But this last five minutes, and they bury their heads back in the sand and then wait for it to go away.


We have to raise the maturity, collaboration within New Zealand - no one entity can solve the global problem even in the New Zealand - it has to be a sharing of intelligence, and applying the Detect, Identify and Incident Response approach - doing this correctly with automation, work flows will have major benefits. 







Newcomer II


Following reports is the only way for most to keep abreast of the general
issues in the industry.

You need deep pockets to be able to find out all the aspects of security
without them.

The global trends are very important for being able to understand how the
world is coping with emerging threats.

In new Zealand, we always thought we had immunity to security issues through
obscurity and isolation geographically, plus we have a lousy internet
connection as a country.

This has all changed so we now have to address the fact that most business
are small business in NZ, only 208 companys have more than 500 seats.
There's also only 5 million people altogether and only 2% of NZ earns more
that $180,000 dollars per year.. We can still propagate security issues
really quickly though as local forums operate like the COVID virus does,
frequent contact and distribution of malware amongst us.

Someone has to raise the maturity of all in NZ; but also accountability.


Linzee Bickley M.Sc - CISSP CISM CISA Secretary ISC2 Auckland

Consultant - CyberSecurity Risk


Mobile: +64 211098506


Newcomer I

Thank you for the clarification. We need to improve the maturity of cybersecurity incident management processes.