Kiwis Blasé about Cyber Risks – 2020 Unisys Security Index™

Survey reveals low concern about protecting data when working remotely, validates Police's warning

WELLINGTON, New Zealand, 18 August 2020 – Research from Unisys Corporation (NYSE: UIS) in the 2020 Unisys Security Index shows that New Zealanders are aware of, but not concerned about, cyberattacks while working from home during the COVID-19 pandemic. The longest-running snapshot of consumer security concerns conducted globally showed that during the pandemic, only 22% of Kiwis were concerned about the risk of a security breach while working remotely, and 26% were concerned about the risk of being scammed, leaving them – and their employers – vulnerable to cyberattacks including scams, phishing and ransomware.

This backs up concerns expressed by the New Zealand Police:

"Reporting [source redacted] suggests cybercriminals adapted quickly to exploit an increased pool of victims, capitalising on people's COVID‐19 related anxieties and taking advantage of the vulnerabilities brought about by teleworking. It is almost certain that cybercriminals will be quick to adapt during a global recession, targeting their victims by exploiting concerns regarding financial pressures and/or unemployment."[1]

In comparison, the research found that 55% of New Zealanders were concerned about the country's economic stability, 41% about their own financial security and 34% about their job security during the pandemic.

Meanwhile New Zealanders' concern for the underlying cybersecurity issues that facilitate fraud and cybercrime has decreased: 40% of New Zealanders are concerned about computer virus and hacking down from 48% in 2019, and 35% are concerned about online transactions down from 39% a year ago.

Police also noted a heightened risk of fraudulent activity in the post-COVID-19 environment:

"Economic hardship will almost certainly prompt organisations to reprioritise their resource and capability. If information technology and cybersecurity roles are negatively affected by such processes, it is possible businesses will be at a greater risk of becoming victims to cybercrime and cyber‐enabled crime."[2]

Kiwis Not Taking Responsibility for Protecting Data When Working from Home

New Zealanders' concern about hacking and viruses has declined in the last year from 48% of the population seriously concerned about this in 2019, down to 40% in 2020.

"New Zealanders appear to be distracted by their higher concern of national infrastructure and family well-being during the pandemic. This is a critical issue for organisations that underwent a rapid transformation to move to work from home models as it appears employees likely assume that their employer is taking care of securing data and systems. Yet for many for organisations, the initial priority was to simply get people working remotely and their security measures have not yet caught up with the wider attack base this created. People remain one of the top points of vulnerability – especially as attackers use high interest in COVID-19 to trick people into clicking on links or giving information which can launch ransomware and other malicious software. Employers need their people to remain vigilant," says Wellington-based Andrew Whelan, vice president, Commercial and Financial Services Sector Lead, Unisys Asia Pacific.

The ongoing risk is heightened by advice from Dr Ashley Bloomfield, the New Zealand Director-general of Health, that community transmission is a case of not if, but when, and that New Zealand should brace for a second wave that will push people and businesses to return to working from home.

Last year, more than 1.3 million Kiwis were affected by cybercrime and the top three incident categories were phishing, scams and unauthorised access reports, with a total value of NZ$16.7 million, according to CERT. Police expect online fraud to increase by 30 to 100 percent. CERT has yet to release data for the first two quarters of 2020, but a spokesperson confirmed that a new report, covering the first six months of the year, will be released shortly.

CERT notes that scammers and attackers are using the public interest in COVID-19 to create opportunistic online scams and attacks and identifies a range of threats including email scams (such as the WHO scam), phishing emails claiming to have updated COVID-19 information, Webcam extortion emails (ransomware), fake coronavirus maps, and text message scams.

New Zealand Businesses Need to Review Security in COVID-19 Environment

Using a conservative downtime cost of US$10,000 a day, it is estimated that ransomware attacks have cost New Zealand organisations US$25.9m this year. New Zealand has seen an increase in scam emails related to the pandemic as confusion around rapidly changing office and home office setups opens a rich vein of confusion for exploitation.

"Organisations using cloud-based services had the greatest flexibility to move to work from home models quickly as location is irrelevant – but for others it was a big change technologically and culturally. People are the weakest link in security. Shadow IT grows with every unauthorised app downloaded, even if well intentioned for remote collaboration - it might not be covered by the security rigour deployed across the rest of the organisation. Employers should ensure their people a) have secure direct access to applications, b) are trained to identify and avoid malicious scams and phishing attacks designed to exploit the fears and distractions created by the pandemic, and c) can quickly isolate devices or parts of the network to minimise the extent of a breach – because breaches are inevitable," Mr Whelan warns.

For more information about the Unisys Security Index, visit www.unisyssecurityindex.co.nz.

About Unisys

Unisys is a global information technology company that builds high-performance, security-centric solutions for the most demanding businesses and governments on Earth. Unisys offerings include security software and services; digital transformation and workplace services; industry applications and services; and innovative software operating environments for high-intensity enterprise computing. For more information on how Unisys builds better outcomes securely for its clients across the government, financial services and commercial markets, visit www.unisys.co.nz. Follow Unisys on Twitter and LinkedIn.

Contacts: 

Claire Hosegood, Unisys APAC,
+61 411 253 663, claire.hosegood@au.unisys.com 

Allan Botica, Botica Butler Raudon,
M: +64 21 400 500 - T: +64 9 303 3862 - E: allanb@botica.co.nz

[1] Source: "Strategic Outlook: New Zealand's Policing Environment Post Covid-19: Cybercrime and Cyber‐enabled Crime," New Zealand Police, May 2020. Obtained under Official Information Act (OIA).

[2] Source: "Strategic Outlook: New Zealand's Policing Environment Post Covid-19: Fraud," New Zealand Police, May 2020