The continued reliance by Kiwi companies on traditional information technology security measures like Internet ‘firewalls’ – despite growing hacker activism, Internet fraud and industrial espionage – is starting to pose significant commercial and security risks for local enterprise.
Lume Ltd MD Richard Cheeseman believes attacks by international hacker group Anonymous against the GCSB, as well as the group’s threats against local politicians who voted for the GCSB Bill, should serve as a warning to New Zealand companies to give priority to closing the loopholes in their IT security.
“Companies and organisations hold the personal records of millions of Kiwis and they cannot afford to be casual with that data because there are criminals out there who would give their eye-teeth for that information," he says.
“Anonymous is a very public hacktivist group that has gone after governments, corporations and other organisations over various causes, but they’re just the public face of an increasing threat from industrial espionage and cyber criminals who operate in secret.
“In New Zealand we cannot afford to think that we are too far removed from these things, too popular or too small to attract attention.
"However, at the moment, the attitude to IT security – particularly in the face of wireless local area networks – is casual to laissez-fare.
"Many don’t understand the issues and most SMEs don’t think beyond the firewall (and even fewer understand them).
“The recent botulism incidents with China and Sri Lanka were interesting as much for the ideological and commercial motives behind the reactions of those countries.
"As perception of New Zealand as a commercial threat – and an innovator in various niches like dairy, wine and application development - grows globally, so will the threats."
Previously companies could control access to their networks using firewalls – a sort of castle-and-moat approach – but the massive strides in wireless local area networks (LAN) technology, and even USB sticks and mobile devices that can carry massive quantities of data, have minimised the role of firewalls.
For example, if in the past somebody wanted to steal paint formulas from a company, they would have had to walk out with a full briefcase. Now a USB stick can hold a whole library.
The introduction of ultra fast broadband to New Zealand also makes it worthwhile for overseas cyber criminals to take an active interest in us.
Cheeseman claims more than 90 per cent of New Zealand companies now live in an environment of borderless (wireless) networking.
“Kiwis have been quick to take up wireless LAN, relative to the rest of the world, but slow to plug the holes," he says.
"With the sophistication of this technology advancing in leaps and bounds, our reliance will only increase.
“Protection systems now have to be set up inside the premises as well, within the firewall’s perimeter – the IT equivalent of gates, swipe cards and surveillance warning systems.
“Networks can be made clever enough to monitor for unusual activity. For example, systems could detect if somebody has put a USB stick into a computer and is downloading sensitive or large amounts of data.
“The tools are there and they are relatively simple and affordable to install – companies just need to know how. The first step is to know what you want to protect, and then work from there on how to do that."