Cyber-attack is an attempt to gain illegal access to a computer or computer system for the purpose of causing damage or harm. It compromises confidentiality, integrity and/ or availability of the data, which may have greater financial and reputational impact to the organization.

Cyberattack is one of the greatest threats to every company in the world. With widespread use of Information Technology and internet, the rate of cyberattacks has been increasing. It has affected small as well as large organizations. New automated tools and new technologies has been developed to bypass the security controls implemented by organization.

Several major organizations in New Zealand have been the target of cyberattacks in the past year. Last August, the New Zealand Stock Exchange had been targeted by sustained DDoS (distributed denial of service) attacks, halting trade for four consecutive days.

It has been observed that Data breaches exposed 4.1 billion records in the first half of 2019. 71% of breaches were financially motivated and 25% were motivated by espionage. 52% of breaches featured hacking, 28% involved malware and 32–33% included phishing or social engineering, respectively. The US FBI reported a 300% increase in reported cybercrimes since COVID-19.

Recently, New Zealand central bank became the victim of a cyberattack on 13^th of Jan. FTA (File Transfer Application), a third-party application and service provided by California-based Accellion used for the purpose of sharing and storing some sensitive information was compromised resulting data breach. The bank immediately took the system offline in order to contain the impact of data breach. However, bank has yet to establish the nature and extent of information that has been potentially accessed and said the compromised data which may include commercially and personally sensitive information. Adrian Orr, governor of the Reserve Bank of New Zealand, said that this wasn’t a specific attack on the Reserve Bank, but other users of the file sharing application were also the victim.

Orr added in a statement that they were actively working with domestic and international cyber security experts and other relevant authorities as part of their investigation for the extent of data breach. The Government Communications Security Bureau’s National Cyber Security Centre [NCSC] has been notified and is providing guidance and advice. However, the core and main functions of the bank were unaffected and they were open for business, which includes market operations and management of the cash and payments systems.

It is still not clear when the cyberattack took place and how the attackers have breached and accessed its system. The investigation may take time to understand the full implications of this breach and the bank are working with system users whose information may have been accessed.

The statistics on cyberattack shows that these sophisticated attacks are increasing day by day. Even large organizations are the victim to these attacks causing serious financial and reputational loss. In most case, companies might not even be aware that their system is breached. So, the key take away is that companies must take cyber security seriously, as cyberattacks can happen from supply chain. Cyber Security shall be considered integral process and it shall follow proper governance, risk management, supply chain management, security awareness and periodic audit.

‍