Key infrastructure business in New Zealand e.g. transportation are being shown to be acting like small business and investing in a way that suggests they underestimate the issues around CyberSecurity.
Whilst seeing the international incidents New Zealand is shielded from the main security and privacy issues because it isn't the subject of mandatory reporting i.e. legislation.
Some protection is provided in business for external threats but not for internal issues such as employee pornography and internal data breaches through mistakes\bad application coding and implementations.
This continues to undermine the efforts of the security team to provide a cohesive and effective set of security controls.
For example most new Zealand businesses have no Security monitoring which is essential for any kind of incident management capability. Also the team that manages security incidents are not staffed or organised to drive through effective incident process when a major incident occurs.
@linzeebThank you for your contribution. I agree with the comments - however, as I recently experienced doing a live studio session with CertNZ - I was accused of being a sales person, when in reality I was telling what the global picture is from the Cost of Data Breaches report from ourselves. Yes, we curate 1.7 Terabytes of intelligence data - so what says the New Zealand organisations - what effect does it have on us?
We state use an Inside out perspectives - change the culture and concentrate on where the data is located and who has access to it.
We just turn around and apply the traditional security approach, outside in perspective - we never learn but throw more resources, no wonder there is a projected 1.8 million shortage in cybersecurity personnel.
Everyone within an organisation is an element contributing or causing cyber security issues i.e. Insider Threats; there is plenty of people, if we get them fully motivated. A company exists because of the employees and with good leadership it can succeed, but as they increasingly accept the 50 Billion dollar in debut river at the current time, we are not prepared for the next issue - so the DDoS attacks are a wake up. But this last five minutes, and they bury their heads back in the sand and then wait for it to go away.
We have to raise the maturity, collaboration within New Zealand - no one entity can solve the global problem even in the New Zealand - it has to be a sharing of intelligence, and applying the Detect, Identify and Incident Response approach - doing this correctly with automation, work flows will have major benefits.