Don’t think a cyber attack can’t happen to you or your business. Last month’s cyber attack on the Waikato District Health Board is a wake-up call for all businesses, organisations and computer users in Aotearoa.
Thought to have come through an email attachment, the attack crashed the health board’s electronic systems, delaying elective surgeries, and making patient’s notes inaccessible. It wasn’t the first cyber attack here and it won’t be the last.
CERT NZ, the government agency which supports organisations and people affected by cyber security incidents, last year received 7809 cyber security reports affecting New Zealanders, a significant leap from the 4740 reports made in 2019.
On average, companies take about 197 days to identify and 69 days to contain a breach.
John Williams, chair of NZ Health IT’s special interest digital enablers group, has the following suggestions:
• Increase vigilance in monitoring, detecting, and responding to suspicious activity
• Conduct a fresh cyber risk assessment
• Review external perimeter security, services and ports
• Review third-party services risks, related to remote access and management
• Maintain offline, encrypted backups of data and regularly test backups
• Make sure patches on all devices are up to date
• Check antivirus and other security systems will detect and block ransomware
• Review emails, attachments, macro detection, and protection controls
• Implement awareness training and processes to increase cyber security literacy
• Run regular scans and pick all assets up not just Windows machines
• Have an offline copy of the organisation’s incident plan.