The number of cyber security attacks being reported in New Zealand is on the rise, with nearly $17 million lost over the past year as a result.

In total, $16.9 million was lost to attackers in 2020 – the most in a single year since CERT was launched.
Photo: 123RF

The data comes from CERT NZ’s annual summary for 2020, which has been released today.

It showed the agency received nearly 8000 reports of cyber security incidents last year, a 65 percent increase on the year before.

“We’re developing a much richer understanding of the types of threats and issues that are affecting New Zealanders, and New Zealand businesses,” said CERT NZ director Rob Pope.

Phishing and credential harvesting (where an attacker collects personal data) were the most reported form of attacks, and were up 76 percent on 2019.

Behind those were scams and fraud reports, up 11 percent, and malware reports, up 2008 percent.

In total, $16.9m was lost to attackers – the most in a single year since CERT was launched.

Pope said he was not surprised more attacks, and more financial loss was being reported.

“New Zealand’s an exceptionally attractive country, with a very trusting set of communities.

“We are quite exposed to the very opportunistic and sophisticated approaches and campaigns these cyber criminals are applying.”

The increases are not necessarily down to more attacks happening, however, but probably down to more people recognising CERT and reporting a crime if and when it happens.

The agency is now in its fourth year, but Pope said he still did not think they had ascertained the true scale of how many cyber attacks were happening, and how much money was actually being lost each year.

And while financial loss is the easiest impact of cyber attacks to quantify, there are others: reputational damage can be done, personal data can be lost, and operations can go down causing their own financial blow.

How to prevent being scammed

Between 65 to 70 percent of all cyber attacks can be prevented if people take just simple steps.

“Most of the reports we are receiving, the losses and the issues that have been caused, are behavioural, i.e. people clicking on links because they believe they’re from someone they associate with, or it’s an invoice from a business that they know they have to pay,” Pope said.

“Our advice to everybody is, just take some of these simple steps: ensuring you’ve got strong, long, and unique passwords; ensuring your systems are updated automatically; and in this day and age of social media, just be very careful about your privacy settings.”

But even if someone is still the victim of a cyber attack, that doesn’t mean all is lost.

Over the past four to five months, $1m has been stopped from being transferred to a scammer because of quick reporting, which then allowed CERT to contact partnering agencies.

“The message is: please report to CERT New Zealand.

“The quicker we hear about these issues, the faster we can provide support and assistance with the aim of actually preventing and avoiding further heartache for people and businesses.”

CERT NZ- the Computer Emergency Response Team – is part of the Ministry of Business, Innovation and Employment and its key referral partners include Department of Internal Affairs, Netsafe, National Cyber Security Centre, and police.