IT services company, Origin IT says that 50 per cent of staff in its client companies will open unidentified emails and 30 per cent will click on links, many of which are designed to download malware into corporate networks.
Origin IT CEO, Mike Russell, said the figures show that New Zealanders are insufficiently sceptical and vigilant.
“Our relaxed nature in New Zealand means we’re too trusting and we’ve become a soft target to attacks from anywhere in the world — the way we approach information security needs to change,” he said.
“It is no longer enough to buy the best technology as people have become the weak point, they will make mistakes and let an attack in, whether intended or not. It also only used to affect large organisations but now every day we hear of SMEs being hit with damaging and costly results.”
Origin IT noted that the PWC’s 2016 Global State of Information Security survey found that current and past employees were a more significant source of security incidents than hackers, followed by service providers, consultants and contractors.
The Action Plan of Government’s Cyber Security Strategy, released in December 2015, contained a commitment to boosting the cyber security capabilities of small and medium enterprises (SMEs).
It proposed new “cyber credentials” scheme for SMEs to “promote to the SME audience the core actions that, if implemented properly, can make a big difference to their cyber security.”
The action plan said the scheme would involve self-assessment and independent verification. “Ultimately, if there is sufficient interest from SMEs, it could also involve a system of independent certification to ensure objective testing of cyber security practices.”
It seems that little progress has been made to date on this scheme. In her address to the Cyber Security Summit in May, communications minister, Amy Adams, said: “I want this cyber credentials scheme up and running later this year and I look forward to having more to say on this in the next few months.”