NZ Fry Up: Cybersecurity: Is it more intelligence than IT?; Two brands of smartphones rule; Standards NZ seeks entrepreneurs

New Zealand IT, tech, and telco news and views from our editor in Auckland.

NZ friday fry up logo
Getty Images

Cybersecurity: Is it more intelligence than IT?

Now in its third week battling a major ransomware attack, the Waikato District Health Board reports that half of its servers can be put back into service and that 20% of its workstation network is back in operation. From a patient perspective, that means its radiation therapy will soon be up and running, while diagnostic services across the DHB’s radiology and laboratory will be online by 11 June 2021.

Waikato DHB has several hundred servers, many major network sites, many thousands of workstations, and numerous mobile devices and specialist medical equipment, says chief executive Kevin Snee.

“Our current plan would see our hospitals digital capability improved by the end of next week. Although there will still be some way to go, this would be a big step on from the past weeks. Work to restore affected systems will continue over coming weeks, which will allow us to progressively stand our services back up,” Snee says.

You have to feel for the IT team, but you also have to wonder how the situation got to this. The NZX attacks in 2020, the Reserve Bank hack over the Christmas break, and now the Waikato DHB all point to a hugely challenging problem. One that is maybe more about attitude and understanding than just IT solutions.

Joerg Buss, a director at New Zealand cybersecurity provider Darkscope, says that, as bad at the Waikato DHB attack is, it’s relatively small compared to what occurring elsewhere in the world. The deeper issue is how cybersecurity is being addressed.

“The language [of cybersecurity] is all about protecting business risk or the impact of an attack, when we need to look at cyber risk and find information about where the attack is coming from. The two are very different,” Buss said. “An army has never won a battle without intelligence, and this is the same. What is needed is a deeper appreciation of who the cyber attackers are and how they think. … Their work is carried out on the dark web, and until New Zealand organisations understand what’s happening in this clandestine environment, they will not be protected against the next attack.”

Darkscope’s business model is monitor the dark web, so you might expect this rhetoric. But even so they have some pretty interesting stats. In the past two years, their system has found 9.8 billion pilfered records from various databases and 174,345 offers for stolen data ranging from $20 to $50,000 on the dark web.

Meanwhile over at CERT NZ, director Rob Pople notes in a recent report that the organisation is taking a proactive approach to stop phishing and scam attacks. Information provided in the report shows it does this by passing on reports to internet service providers, email providers, and security providers. “With this information, the providers can automatically protect their customers and disrupt the identified phishing campaigns. This may include stopping phishing emails before they reach people’s inboxes or blocking user access to a phishing website,” the report says.

An example of this when CERT NZ identified nearly 500 vulnerable Microsoft Exchange email servers and more than 100 compromised email servers, the majority of which belong to small businesses. It issued an advisory alert and contacted ISPs with information on vulnerable and compromised IP addresses, and it provided resources to help those affected.

CERT NZ’s effort is not exactly a deep dive in the murky waters of the dark web, but maybe that job is tasked to the Government Communications Security Bureau (GCSB).

The CERT NZ report also warns that bogus vaccination emails are the latest trick that phishers and scammers are using. The stats show the organisation received 1,431 incident reports between 1 January and 31 March 2021, a 25% increase on the same quarter last year. Reported direct financial loss was $3 million, up 7% from the previous quarter, while 23% of all incidents reported some type of loss (financial, reputational, data, and operational).

Two brands of smartphones rule

If a phishing email was the get through while you were out and about, chances are you would be receiving it on an Apple iPhone or a Samsung smartphone. According to IDC, those two brands accounted for 84% of the smartphone market in the first three months of 2021, and it’s mostly thanks to Huawei pivoting away from phones, leaving a gap for other providers to fill.

While IDC mentions that Motorola, Oppo, and Vodafone are slugging it out in the lowest price (sub-$150) market, it’s clear that Kiwis like to splash out on smartphones. “IDC anticipates 5G-capable share [of the smartphone market] to pass 50% in 2021Q3, as Android vendors launch devices in the mid-range price bands. The average selling price for 5G-capable devices was $1,550 in the first quarter, [and] IDC expects this to drop by at least 20% in 2021Q2.”

Standards NZ seeks entrepreneurs

Standards matter—of course they do. How could anything get done properly if there weren’t standards to adhere to?

There are more than 300 New Zealand standards alone, and if you were to write them all out it would run to 17,000 pages of print copy. That’s a lot of reading material contained on a website or in an ebook. And that’s why Standards New Zealand, the body that sits within the Ministry of Business Innovation and Employment, is looking for entrepreneurs to create new solutions that will make standards more accessible under its new ‘Value Add Programme’. This is in addition to its digital reader pilot that runs until September 2021.

“We are looking for entrepreneurs who can take the content of standards and use it in digital tools that will help users better apply standards in their everyday lives. Ideas the require a financial or technological investment by Standards NZ are now within reach of that value-add programme,” its proffer says.

In short, they want digital transformation, but they don’t want to pay for it. The idea is that entrepreneurial tech folks come up with ideas, and then they get to use the copyrighted standards to develop the solutions. If the pilot works, there will be some kind of revenue-sharing arrangement with the tech company and Standards NZ, and the company can even sell the tech to organisations overseas, albeit passively—that is, if someone contacts them via the website asking to use the solution.

There is a market out there. There are more than a million visits to the Standards NZ website annually, and just over 228,000 standards accessed via the organisation’s online library subscriptions. The areas that standards are used in are big-end-of-town sectors such as energy, construction, and manufacturing. The ideas range from digital calculation tools to augmented reality. Tech entrepreneurs have a month to respond to Standards NZ’s request for information.

Copyright © 2021 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
 
Shop Tech Products at Amazon