August 2019 As a government- enabled organisation, CERT NZs job is - - PowerPoint PPT Presentation

august 2019 as a government enabled organisation cert nz
SMART_READER_LITE
LIVE PREVIEW

August 2019 As a government- enabled organisation, CERT NZs job is - - PowerPoint PPT Presentation

Feb 18, 2023 49 likes •270 views

Wanaka Chamber of Commerce Cyber security risks to your business ( and what you can do about it) August 2019 As a government- enabled organisation, CERT NZs job is to advise everyday New Zealanders and organisations on how to avoid or manage

slide-1
SLIDE 1

Wanaka Chamber of Commerce

Cyber security risks to your business

(and what you can do about it)

August 2019

slide-2
SLIDE 2

As a government-enabled organisation, CERT NZ’s job is to advise everyday New Zealanders and

  • rganisations on how to avoid or manage cyber

security risks. We’re uniquely placed to do that. We have privileged access to data and people here and internationally. The more data we have, the more we can achieve.

slide-3
SLIDE 3

About us

3

  • Location: CERT NZ is a branded business unit of the Ministry of

Business Innovation and Employment, based in Wellington

  • Size: 17 staff plus the Contact Centre
  • Minister: Minister for Broadcasting, Communications and Digital

Media Hon Kris Faafoi

  • Funding: The Government has invested $22.2m over four years

from Budget 2016 to build and fund CERT NZ

Cyber security risks to your business (and what you can do about it)

slide-4
SLIDE 4

CERT NZ’s core functions

4 Cyber security risks to your business (and what you can do about it)

slide-5
SLIDE 5

We work across the cyber security ecosystem

5

  • Not all incidents reported are within our scope. But as part of our role in the

ecosystem, we help people get to the right place.

  • We work closely with incident “referral” partner organisations including:

CERT NZ also plays a connecting role working alongside or coordinating with partner agencies to resolve incidents where required.

Cyber security risks to your business (and what you can do about it)

slide-6
SLIDE 6

CERT NZ Reporting Tool

6

  • Natural language
  • Easy to use
  • Provides an initial

event diagnosis

Cyber security risks to your business (and what you can do about it)

slide-7
SLIDE 7

CERT NZ Reporting Tool continued…

7 Cyber security risks to your business (and what you can do about it)

slide-8
SLIDE 8

2018 summary – what we’ve seen

8 Cyber security risks to your business (and what you can do about it)

slide-9
SLIDE 9

2018 top incident categories

9 Cyber security risks to your business (and what you can do about it)

slide-10
SLIDE 10

2018 summary – what we’ve done

10 Cyber security risks to your business (and what you can do about it)

slide-11
SLIDE 11

What’s happening in our backyard?

11

Top 4 Categories

  • 33 scams & fraud
  • 17 phishing &

credential harvesting

  • 8 unauthorised

access

  • 5 reported

vulnerability

Top Tips

  • Be alert to online

scams, like the email webcam scam and its variations

  • Follow the CERT

NZ top 11 cybersecurity tips for your business and especially how to protect your website where you run one

Otago Region Overview 2018

  • 70 incident reports:

48 from individuals and 22 from

  • rganisations
  • Reported direct

financial loss: $232,385

  • Average loss:

$11,619

Cyber security risks to your business (and what you can do about it)

slide-12
SLIDE 12

Cyber security risks to business

  • Lack of effective cyber security policies,

procedures and training

  • Principle of least privilege not enforced
  • Poor cyber hygiene
  • Insider threat
  • No cyber security incident response plan

12 Cyber security risks to your business (and what you can do about it)

slide-13
SLIDE 13

Impacts and consequences

13

  • Financial loss
  • Data loss
  • Reputational loss
  • Technical damage

Cyber security risks to your business (and what you can do about it)

slide-14
SLIDE 14

Top 11 tips for businesses

14

1. Install software updates 2. Implement two-factor authentication (2FA) 3. Back up your data 4. Set up logs 5. Create a plan for when things go wrong 6. Update your default credentials 7. Choose the right cloud service for your business 8. Only collect the data that you really need 9. Secure your devices 10. Secure your network 11. Manually check financial details

Cyber security risks to your business (and what you can do about it)

slide-15
SLIDE 15

What can you do right now for your business?

15

  • Review and update your cyber security policies,

procedures and staff training

  • Review and implement Top 11 Tips for businesses
  • Update and practice your Incident Response Plan
  • Check out www.cert.govt.nz for more information

Cyber security risks to your business (and what you can do about it)

slide-16
SLIDE 16

How can your staff at home?

16

  • Use strong and unique

passwords for your accounts

  • Update your devices
  • Check your privacy settings
  • Turn on two-factor

authentication

  • Report it

Cyber security risks to your business (and what you can do about it)

slide-17
SLIDE 17

How you can leverage CERT NZ

slide-18
SLIDE 18

Quarterly Reporting

18

  • New Zealand threat landscape statistics and

information

  • Free to use as resources for your customers,

staff, management and executive

  • Provides awareness of the impact of

incidents, and the prevalence of threats

  • Can help with business cases for protection

measures

  • Subscribe and read our Quarterly Reports at

www.cert.govt.nz/about/ quarterly-report

Cyber security risks to your business (and what you can do about it)

slide-19
SLIDE 19

A wealth of free, expert information

19

  • Ready-made content on common cyber security

threats with practical info and advice for

  • rganisations, businesses and individuals
  • Includes resources like infographics and videos
  • Free at www.cert.govt.nz *
  • *Available to copy, distribute, adapt for any

purpose other than commercial purposes under a Creative Commons licence

Cyber security risks to your business (and what you can do about it)

slide-20
SLIDE 20

Useful links mentioned in this presentation

20

  • To share your SPAM reports with DIA text 7726: https://www.dia.govt.nz/Spam-Complain-

About-TXT-Spam

  • Business.govt workplace policy builder:

https://wpb.business.govt.nz/workplacepolicybuilder/itAndSocialMedia/whyWeHaveThisPolicy1

  • Office of the Privacy Commissioner privacy statement tool:

https://www.privacy.org.nz/privomatic/index.html

Cyber security risks to your business (and what you can do about it)

slide-21
SLIDE 21

Keep in touch and stay up to date

21

  • Subscribe to alert and advisory emails
  • n our website

www.cert.govt.nz/subscribe

  • Subscribe to quarterly updates on our

website www.cert.govt.nz/subscribe

  • Follow us on Twitter@CERTNZ
  • Register your interest in Cyber Smart

Week 2019, email us at cybersmart@cert.govt.nz

  • Cyber Smart Week enquiries:

cybersmart@cert.govt.nz

  • To report an incident:

www.cert.govt.nz or phone 0800 CERT NZ

Cyber security risks to your business (and what you can do about it)

slide-22
SLIDE 22

PowerPoint title goes here 22 [CLASSIFIED]