Hundreds of New Zealand businesses are now losing money to cyber-criminals, NZTech chief executive Graeme Muller said at the New Zealand cyber-security summit in Wellington this week..
In the third quarter of last year, 281 Kiwis business reported cyber-security breaches and many others are likely to have suffered the same fate, without reporting it, Muller said in a statement.
The summit is the largest gathering of cyber professionals in New Zealand, working together to protect Kiwi businesses and organisations.
The average direct financial loss for small to medium business is still small, only a few thousand dollars, so, it often goes unreported.
“However, we know at least 13 Kiwi businesses lost more than $100,000 each near the end of last year. The most common crime involved is the unauthorised transfer of money, after a company’s email accounts was compromised.
“The criminals use phishing attacks to harvest credentials – looks like a real email and gets you to click on a link. This drops a piece of code onto the computer that looks for login and password details which it sends back to the criminal and you’re not even aware of it,” Muller says.
“Other common scams which resulted in businesses losing money included new business opportunity emails, fake investment opportunities and fake prizes.
“Then there are the hidden costs. A study by the UK government found that 56 percent of small businesses that suffer a breach, are victims of further attacks.
“They also found that 66 percent of businesses attacked make no substantial changes to prevent future attacks. We are inherently complacent. With criminals often only taking small amounts the individual cost feels small, whereas the collective economic cost is huge,” he says.
Muller adds that businesses also don’t take into account risk of reputational damage if data is stolen and the public finds out about it, also the costs of fixing computer systems that get damaged by hackers.
He says that it is estimated about 80 percent of cybercrimes could be prevented. He advises people to use and update complex passwords and use password safes and to install updates as they are provided by the tech firms.