By James Brown, General Manager, FinTech
Cyber-attacks have always happened however since COVID and the sudden mass adoption into the digital world more and more companies have either been hacked or are at risk. Here in New Zealand, we have seen many public attacks including the RBNZ, Waikato DHB and more recently several of the largest banks' online services being affected.
Simply put NZ has under-invested in Cyber for far too long and this is only one of the reasons why we are an easy target, CEOs need to take this more seriously and start to consider the risks they face when their customer data/privacy is put at risk.
Only 6% of NZ companies have adequate Cyber protection and we have more human interactivity now happening at the digital layer, than the human layer (Andy Prow Redshield).
A growing digital footprint is what is behind the eruption of data theft, systemic compromise, and fraud.
Australia is moving towards mandatory disclosure for ransomware because they see this as a threat that is not going away, Gartner continues to conclude that 90% of breaches will continue to occur through issues organizations know about but have not yet addressed, the approach of “she will be alright” just does not meet the needs or expectations of the consumer.
We have seen several countries around the world move to Open Banking connecting some of the largest financial institutions around the world with third-party providers the inherent risks are clear especially around data and privacy breaches however this is sometimes overlooked. Cyber Terrorists do not care about the size of the organisation they just pick easy targets and exploit the weakness sometimes the company will understand they are exposed but choose to do nothing about it.
Your digital identity is precious, take care of it
Hackney Council in the UK, Pipeline in Texas and a huge power outage in India are all the result of a lack of investment and a realisation to exposure. Many discussions are taking place about Digital Identity, the tools we use to verify someone can also be at risk. A good example of this was when Abraham Abdallah pretended to be wealthy executives and celebrities using credit cards and bank details to steal millions even from people like Speilberg, not changing the details on your home Wi-Fi allows others to hack your details, and using only a handful of peoples data allowed Johnny Bryan to spend over $300k on Pay Pal.
The lesson we should be learning from this is to treat our data like we would anything precious to us and only share what is required and do some due diligence on who is asking for our data. We sign up for new apps without reading the T&C’s expecting companies to have our best interests at heart, simply put that just isn’t the case. Our data, identity has become more valuable than gold or oil as it can be sold more than once making it very lucrative to criminals.
What can companies do to protect us?
Calls are being made to change the laws around COVID tracing to prevent Government agencies from using the information for the wrong reasons, authorities in China fear data issues when Chinese tech giants set up in new countries that domestic data will end up in foreign hands.
As the world was forced into the usage and acceptance of everything digital things like phishing scams become more prevalent, customers who were used to doing all their banking in a branch now have to move onto digital devices and with little or no knowledge the scammers took advantage. Large organisations have a duty of care to their customers in making the transition to new products easy and seamless, something not all is very good at.
Most companies and countries should at least refresh the basics, implement company-wide training, and put in place penalties for failure to comply. This will help to prevent simple attacks however investment and regular investigation will highlight areas of risk.
Artificial Intelligence will also play a vital role in the battle against cyber terrorism, as technology evolves companies will need to employ different strategies and techniques to stay ahead of the terrorists.
Are the machines coming, reality is they are already here.
Find out more about protecting your identity information and how to verify customers identity with 'RealMe: verified identity service'.