Cyberattack, cybersecurity and protecting NZ
21 September 2018
Opinion: The risk of cyberattack is growing and New Zealand must counter this increased threat to our digital systems and security, writes Dr Rizwan Asghar (Computer Science).
In our daily lives, many of us are digitally connected in a way we often give little thought to but the risk of cyberattack is growing and, like other countries around the world, New Zealand must find ways to counter this growing threat.
Amazon’s virtual assistant Alexa may sit benignly on your kitchen bench, but it is also potentially invading your privacy and the data being collected is hackable. Electricity companies are monitoring your energy consumption in order to control supply, but that has serious implications not just for privacy, but for security. Should our electricity use data be hacked or stolen – a very real possibility – then that’s going to give a burglar a really good idea of when you are not at home.
Cybersecurity and criminality are inextricably linked in our inter-connected world and connected devices for ‘smart’ homes – often called the Internet of Things – are an easy target for cyber criminals. Smart appliances such as fridge, washing machine and TV have limited security capabilities which make them vulnerable to cyberattack by sophisticated data mining algorithms.
The consequences can be serious, not just financially but also by risking human life. The healthcare sector has been an attractive target for cyber criminals. An example is the Bay of Plenty District Health Board. This small DHB recently revealed it has been facing as many as 864,000 cyberattacks a day, or 10 cyber attacks per second. In the view of DHB's Chief Executive, these have been "putting patients at risk".
In April of this year, a cyberattack forced seven of the UK's biggest banks to slow down online banking operations or shut down entire systems. This cyberattack was based on a Distributed Denial of Service (DDoS) attack launched by renting the webstresser service, where an individual, with little or no knowledge, could trigger over four million DDoS attacks for as little as NZ$22.00.
All this means that cybersecurity is a serious issue for all of us and one we need to address urgently. But governments around the world are struggling to introduce laws and regulations to effectively combat the threat.
In May of this year, the EU introduced the General Data Protection Regulation (GDPR), which is the most important change in data privacy regulation in the last 20 years. It is reshaping the way in which our data is collected and handled by healthcare, banking, and other sectors. For instance, the regulation requires organisations to explicitly get user’s consent for a specific purpose, using clear and plain language, and it must be easy to withdraw consent. Not only that, it also requires organisations to notify individuals within 72 hours of detecting any data breach. Failure to comply with GDPR can incur a fine up to four percent of an organisation’s annual turnover, or NZ$35.52 Million (whichever is greater).
All this means that cybersecurity is a serious issue for all of us and one we need to address urgently.
Besides EU member states, other countries, including New Zealand and Australia, have welcomed GDPR and reformed their own privacy acts. New Zealand’s latest Privacy Bill, introduced in March 2018, better aligns this country’s privacy law with GDPR by penalising up to NZ$10,000 for a privacy breach, although New Zealand’s Privacy Commissioner recommends a fine up to NZ$1 million for a serious privacy breach. GDPR is putting pressure on organisations to properly protect our data, while also providing organisations an opportunity to embrace innovative business models with a focus on user privacy.
In one way, GDPR requires enforcement of stringent cybersecurity practices. Before the regulation came into force, many countries already defined their cybersecurity strategies in order to deal with potential cyber threats. The New Zealand’s cybersecurity strategy has four main goals: exercising cyber resilience, having cyber capabilities, improving cybersecurity, and increasing international cooperation.
The introduction of new privacy regulations will reduce scandals like Cambridge Analytica gaining “unauthorised” access to the data of up to 87 million Facebook users through the friends’ network of the 270,000 users who used a Facebook app, called “This is Your Digital Life”. The use of personal data collected without users’ consent raised ethical and privacy concerns.
But there is good news. Cybersecurity is one of those new careers that didn’t exist a decade ago and it definitely won’t be going away. There is a global shortage of people with cybersecurity skills and New Zealand is not an exception. It would be a wise choice for Millennials and Post-Millennials to earn qualifications in this sector and become a cybersecurity practitioner.
Many universities have introduced degree programmes in Cybersecurity – the University of Auckland offers the Master of Professional Studies in Digital Security. We have also launched the Cyber Security Foundry (CSF) which is a hub for world-leading technical expertise, industry collaboration, training of security professionals, and the development of new security solutions.
All computer users need to be aware of cybersecurity threats and the growing risk they pose to systems essential to our everyday lives, and to our privacy. The simple advice below could help reduce the chance of attack and protect your personal and business systems:
Tips for Organisations
- Comply with privacy policies
- Store and backup customers' data in encrypted form
- Educate your employees
- Learn how to deal with cyberattacks
- Buy cyber insurance
Tips for Users
- Protect your personal information
- Tighten privacy and security settings of apps you installed
- Download software and apps from trusted sites or stores
- Physically secure your devices
- Do not use simple passwords and secure your passwords
- Be aware of cyberattacks
Dr Rizwan Asghar is a senior lecturer at the University of Auckland’s Department of Computer Science.
This article reflects the opinion of the author and not the views of the University of Auckland.
Used with permission from Newsroom, Cyberattacks, cybersecurity and protection published on 24 September 2018.