Computerworld

GCSB's cyber-vigilance saved organisations $27m

NCSC reveals “cost avoidance” benefit
  • Stuart Corner (Computerworld New Zealand)
  • 08 January, 2019 20:00

The National Cyber Security Centre (NCSC) says that the cyber threat defence capabilities of its parent body, the Government Communications Security Bureau (GCSB), reduced harm to New Zealand businesses by $27m during 2018.

The NCSC in December issued its annual Cyber Threat Report for the 12 months to June 2018

NCSC director Lisa Fong said the NCSC recorded 347 cyber security incidents during the year with a “cost avoidance” benefit to nationally significant organisations in the order of $27m.

"Due to the NCSC’s focus [on nationally significant organisations], this is only a subset of the total incidents affecting New Zealand," she said.

She said that during the 12-month period, 134 incidents — 39 percent of the total — contained elements “linked to known state-sponsored cyber actors”.

“Additionally, the vast majority of incidents were detected at, or prior to, an actor’s first attempt to compromise an organisation, minimising the harm experienced by New Zealand organisations,” she added.

In November the GCSB warned that digital transformation was outpacing investment in cyber security among New Zealand's nationally significant organisations and called on them lift their internal cyber security dialogue to drive the necessary changes.

The warning followed a survey of 250 nationally significant organisations by the NCSC to establish their level cyber security resilience and the potential impacts if they were compromised.

Intellectual property left linked to China

Release of the report coincided with GCSB reiterating its warnings about “a global campaign of cyber-enabled commercial intellectual property theft” linked to the Chinese Ministry of State Security (MSS).

GCSB director-general Andrew Hampton said: “This long-running campaign targeted the intellectual property and commercial data of a number of global managed service providers, some operating in New Zealand.”

Hampton said the GCSB had worked through a robust attribution process in relation to this campaign, and around a third of the serious incidents recorded by the NCSC could be linked to state-sponsored actors.

"This ongoing activity reinforces the importance of organisations having strong cyber security measures across their supply chain," he said.

A decade ago CWNZ reported that the GCSB had beefed-up its policy requiring computer and networking equipment — and components within equipment — used in government not be manufactured in China or other non-approved countries for fear of cyber espionage.