15 December 2020, updated 09 Sep 2021 11:24am

On cyber security, companies need to get the basics right

As cyber attacks proliferate, the answer lies in dull detail. 

By Ed Targett

In March staff at Finastra were forced to switch off servers – temporarily freezing millions in financial transactions – after a ransomware attack on one of the world’s largest financial technology services firms. In June, Honda factory floors fell silent after network infrastructure was shut down following an attack.

In August, New Zealand’s stock exchange faced four days of interruptions to trading after a sustained Distributed Denial of Service (DDoS) attack. These are just three high-profile examples of cyber incidents in 2020. There were millions of others, from cities forced to halt vital services to casinos knocked offline.

Yet organisations remain complacent. Perhaps many see the big names targeted and think “that’s not me”; the smaller names quietly fix the problem and nobody – sometimes not even regulators, GDPR or otherwise – is any the wiser.

The truth is, however, that you don’t have to be a target to be attacked. Cyber security researchers who set up “honeypots” to track attacks say automated vulnerability probing is immediate and sustained. One security researcher, Jason Schorr, told me that a honeypot he set up for 48 hours saw 24,992 offensive probes per hour from all over the world.

In newsrooms, editors are beginning to be inundated with predictions pieces for 2021. On the cyber security front, many feature the alarming viability of the deep fake: synthetic media used to underpin sophisticated social engineering scams. Picture a Zoom call with a spitting image of your CEO, now AI-powered, asking for an urgent transaction to be made to a company account.

The technology is 95 per cent there and likely to become commonplace within the decade, if not sooner. Yet most organisations would find fretting over the less dystopian and much more mundane a better use of their time. They should be taking steps like fixing the software that has been unpatched since 2012 or killing off the credentials of that employee who left last year, but whose email still gives them access to company databases.

In a list of the top 10 most exploited software bugs, the FBI and US security agency CISA lamented in a joint post this year that one stemmed back to 2012. It has been known about, and a patch has been available, for eight years.

“Foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organisations,” they noted, adding “the public and private sectors could degrade some foreign cyber threats… through an increased effort to patch their systems and implement programs to keep system patching up to date”.

Getting the basics right is hard. End-users hate multi-factor authentication and prompt patching can knock applications offline. Deep fakes sound like a big threat, but security hygiene is 99 per cent small detail.

For that, IT teams need to be resourced and security taken seriously from top to bottom of a company. It might be painful building a security culture, but not as painful as being targeted by hackers whom 21st-century law enforcement remains deeply ill-equipped to catch or hold to account.

Ed Targett is editor at Tech Monitor.

This article originally appeared in the Spotlight report on cyber security.
