Security expert warns NZ SMEs at risk

While research and development companies in New Zealand are being targeted by offshore interests keen on stealing their work, one New Zealand security expert warns the dangers to small to medium-sized enterprise are even greater.

While research and development companies in New Zealand are being targeted by offshore interests keen on stealing their work, one New Zealand security expert warns the dangers to small to medium-sized enterprise (SME) are even greater.

KPMG New Zealand's information risk manager Graeme Sinclair says the R&D institutes have managed to fend off the intruders, however SME businesses in New Zealand are generally at risk of attack.

"Generally speaking we are wide open. Anyone with high-quality, valuable research will be up to speed on security, but even then it doesn't guarantee them protection," says Sinclair.

TVNZ's website Nzoom (see Japanese spy hack 'no surprise' - experts) broke the story of agents of foreign governments trying to infiltrate a private medical research institute here in New Zealand. The story said New Zealand sites are considered "soft targets" and Sinclair agrees.

"Even the big players have firewalls with alarms on all the time and they're constantly reporting being probed and scanned." He likens it to a real-world criminal "casing the joint" before breaking in.

"It's a matter of picking out the serious risks from all that traffic. They do give themselves away because the same address keeps popping up." He says IT managers are becoming more aware of the danger even from such high levels as foreign governments.

"The key is to have the intrusion detection gear there and be ready to respond when the alarms go off."

On Nzoom, PricewaterhouseCoopers security expert Philip Whitmore revealed an attempted hack that he traced back to a Japanese government agency. Whitmore is no longer allowed to comment on such matters in the media.

Sinclair says the government's decision to create an agency dedicated to cyber-threats, the Centre for Critical Infrastructure Protection (CCIP) is a step in the right direction.

"It's looking at the total infrastructure. It's just like Y2K - if the infrastructure failed it would affect us all." Sinclair believes the CCIP will be of great help in cases like this, providing research and support for companies under attack.

Join the newsletter!

Error: Please check your email address.

Tags security

More about KPMGPricewaterhouseCoopers

Show Comments
[]