According to PwC
’s Global State of Information Security Survey, employees pose one of the biggest cyber risks to Kiwi companies – along with service providers, suppliers and business partners.
“The ‘unknown hacker’ was picked as the largest category responsible for cyber-attacks and that’s because attribution is difficult and most companies end up not knowing where or who the attackers are,” said Adrian van Hest, PwC partner and cyber practice leader. “However, it became clear that people known to the company were also among the biggest threats.”
According to the report, 29.6 per cent of respondents said that current staff were responsible for cyber-attacks in New Zealand.
Van Hest – who has over 15 years specialist experience in the risk and IT security sector – says a growing number of Kiwi organisations are waking up to the dangers of a cyber-attack but many still aren’t sure how to best protect themselves.
“We’ve seen that the amount being invested in cyber security is increasing, but the number and cost of incidents are also increasing,” said van Hest. “So while there’s continued spending, it doesn't mean that the investments are effective or that they’re being spent on the right things.”
According to van Hest, the ongoing uptake of cloud computing and reliance on mobile devices brings new risks – not because the technologies are unsafe but because they require companies to take a different approach to the way they manage cyber security.
The Wellington-based tech expert also suggested that Kiwi employers can learn something from their international counterparts, which are already facing a new kind of security risk.
“We’ve also found that investment in identity management is growing faster overseas because they’re experiencing more cyber incidents through increased cloud usage,” said van Hest.
“Kiwi companies are slightly behind the trend as most of our cyber incidents still seem to occur because of outdated software. However, as more businesses move to the cloud, it’s only a matter of time before we face the same risks.”
Single employee blamed for enormous data
Medium-sized employers overlooking cyber-security
Bolstering your digital defences and improving the skills of your IT team are important steps to ensuring the cyber safety of your organisation – but those efforts may all be in vain if HR fails to properly train employees.