Getting advice on cybercrime could soon be as simple as calling a freephone number.
National Cyber Policy Office director Paul Ash said it was confusing for people to work out where to go for help and advice, with about six different organisations that they could turn to.
Communications Minister Amy Adams said last week that the Government was reviewing its four-year-old Cyber Safety Strategy.
Ash said one of the questions being asked was what “0800 Cyber” might look like.
Consideration is being given to setting up a new national organisation, known internationally as a “computer security response team” or CERT, that would provide frontline help to both businesses and consumers.
The policy push comes as cyber-safety organisation Netsafe warns of a big jump in reported losses to online scams and businesses dodge a wave of “whaling frauds” targeting top-level executives.
Ash said police could also be provided with more resources to tackle cybercrime. “We think there is going to need to be a greater focus on that over time,” he said.
The first parts of “Project Cortex” had now been put in place, he said.
Cortex is a cyber-shield designed to protect government agencies and critical infrastructure providers, such as power companies, from sophisticated malware attacks originating from overseas.
The existence of Cortex was first revealed by Prime Minister John Key ahead of Kim Dotcom’s “moment of truth” event in Auckland a year ago.
“[Cortex] is in progress at the moment and the initial results from that are very promising for the kinds of support it has been able to provide,” Ash said.
Other achievements since the first Cyber Safety Strategy was drafted in 2011 included a big improvement in the way government agencies managed security risks, Ash said. That was accelerated by privacy breaches involving Work & Income kiosks. “It was a case of ‘don’t waste a good crisis’,” he said.
But Ash said a “cyber security toolkit” released by the Government last year to better educate small businesses about cybercrime prevention had not been used as much as hoped.
The Institute of Directors was holding an event on Thursday, one of the goals of which was to raise directors’ awareness of their responsibilities with regard to cybercrime prevention.
Bob Parisi, managing director of New York-based risk management company Marsh, one of the invited speakers, said training and awareness were key.
One US firm had gone as far as sending spoof emails to employees that made it appear as if their computers had been taken over by hackers.
“For eight seconds, if you clicked on the email when you shouldn’t have, it would look like the screen had been taken over and it was downloading malware. Then it would say ‘hang on, don’t worry, you have failed this test’.”
The company concerned had consulted with their human resources department before running the test and decided eight seconds was enough, he said.
When US insurers began insuring companies against harassment cases, they found the quickest way to ensure clients were a “good risk” was to “sit people down and teach them what was behaviour that was acceptable and what was unacceptable”, Parisi said.
“Same thing with security and privacy; train your people to know what is acceptable and what is unacceptable. Three-quarters of successful intrusions were from things that could have been prevented if people just followed common sense.”
View the original content and more from this author here: http://ift.tt/1Q31rWD