Story image

Tackling NZ cybercrime in 2017: Why recovery is just as important as prevention

10 Feb 2017

Cybercrime is nothing new. Every year, businesses across New Zealand are hit by some sort of virtual attack. Although Microsoft's Malware Infection Index 2016 ranked New Zealand 18 out of 19 Asia Pacific markets, the idea that businesses are safe is wrong. According to Keshav Dhakad, head of Digital Crimes Unit at Microsoft, the "Internet has no boundaries" and every business, including those in New Zealand, are vulnerable.

In fact, a recent story on CIO highlighted just how sophisticated the world of cybercrime is becoming. With big money to be made from hacking into a company's database and stealing sensitive information, scammers are now attempting to dupe the hackers. Selling everything from fake databases to made-up credit card information, scammers are posing as legitimate hackers in an attempt to make money from those in the virtual underworld.

Hacking is Becoming a Complex Industry

In response to the recent surge in scammers, a new database called Ripper.cc has been set up. The idea behind it is to store a list of known scammers so that cybercriminals can avoid them in the future. Aside from Ripper.cc giving cybercriminals a better insight into the rats in their own community, the site is evidence of how hacking is now an industry and not a pastime. If that's the case, businesses need to be even more vigilant.

Naturally, everything from web application firewalls, passwords and levels of access should all be a standard for any business with an online presence. However, what if it all goes wrong? What if a hacker does manage to break through your defences and access your company's sensitive data? According to data security company Incapsula, a disaster recovery plan (DRP) is not only essential for responding to these situations, but for helping to prevent them.

Learning How to Recover is Crucial

As defined by Incapsula, DRP is the process of responding to a disaster scenario in such a way that it supports "time-sensitive business processes and functions" and maintains "full business continuity." From a preventative perspective, a DRP gives businesses a clear idea of what risks it can face in the virtual world. Indeed, before defining what steps need to happen in order to recover from a disaster, a company first needs to know what potential disasters are out there.

Once your system is compromised and in a "disaster" state, the strategy you then use will be dependent on whether you're concerned about how long your service is offline (Recovery Time Objective - RTO) or how old data is handled once you're back online (Recovery Point Objective - RPO). Naturally, cost and practicality will affect a company’s DRP. For example, a "hot-hot" system using synchronous replication will ensure that a system is 100% synchronised at all times. This means that in the event of an attack, a parallel system kicks in so that your service stays online.

Small Businesses Can Also Afford a Recovery Plan

However, this method is resource intensive and, therefore, something that smaller businesses may not be able to afford. As an alternative, semi-synchronous replication will only kick in once a series of changes have been detected. If a company can afford some loss of data or downtime, this sort of system can be effective as it gives them just enough breathing space to recover and get back online without being too costly.

Whichever way you look at it, cyber security is essential for New Zealand businesses and a DRP is an important part of a complete strategy. Indeed, with The Herald reporting that cyber-attacks have more than doubled over the last five years, businesses across the country can't afford to take any risks. Although DRPs might seem like something only the biggest companies need to worry about, it's worth remembering that data from any source can be valuable for a hacker.

Game review: Crackdown 3 launches on Xbox One and PC
Crackdown 3 is an average game that may have come out 10 years too late, writes Damian Seeto.
WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
50 million tonnes of e-waste: IT faces sustainability challenges
“Through This is IT, we want to help people better understand the problem of today’s linear “take, make, dispose” thinking around IT products and its effects like e-waste, pollution and climate change."
Vocus & Vodafone unbundle NZ's fibre network
“Unbundling fibre will provide retail service providers with a flexible future-proofed platform regardless of what tomorrow brings."
NZ Cricket ups data analytics game with Qrious
The Black Caps and White Ferns have implemented a data and analytics solution from Qrious to monitor and improve game strategy and player performance.
Gartner: Smartphone biometrics coming to the workplace
Gartner predicts increased adoption of mobile-centric biometric authentication and SaaS-delivered IAM.
Samsung & Trade Me offer AI-powered shopping
The smartphone camera & AI-powered tech, Trade Me says, is a ‘glimpse into the future of shopping’.
Neill Blomkamp's 'Conviction' is a prequel to BioWare's Anthem
You may remember Neill Blomkamp’s name from such films as District 9, Chappie, and Elysium. If you’ve seen any of those films, the short teaser trailer will seem somewhat familiar to you.