Image: Archi Banal / Dylan Reeve
Image: Archi Banal / Dylan Reeve

InternetDecember 14, 2021

Did half of New Zealand businesses really get hit by ransomware this year?

Contributing writer
Image: Archi Banal / Dylan Reeve
Image: Archi Banal / Dylan Reeve

Research by a cyber security firm suggests 55% of New Zealand businesses had been subject to a ransomware attack in 2021. Dylan Reeve was suspicious, so he looked into the claim for IRL.

More than half of Kiwi businesses fell victim to cyber-attacks this year – that was the dramatic title of a press release announcing a new report into cybersecurity in New Zealand.

It’s a huge claim given New Zealand is home to more than 500,000 businesses, and therefore immediately seems questionable. The conclusion was drawn from research conducted on behalf of Aura Information Security, an Australasian IT security consultancy owned by state-owned technology and communications company Kordia.

The headline snippet comes from a detailed report prepared for Aura by customer insights company Perceptive. In a survey of 362 “business IT decision makers” from New Zealand companies with at least 20 staff, 55% answered in the affirmative to the question, “Has your business or organisation been successfully targeted by a ransomware attack in the past 12 months?”

Two thirds of that 55% said they were able to resolve the attack before significant damage was done. 

Puzzlingly, the very same report has 62% of those surveyed saying their business had not “been subject to a cyber attack in the past 12 months”, and only 44% reporting that they’d been subject to an attempted cyber attack – responses that seem distinctly at odds with the 55% who reported a successful ransomware attack. 

Graph excerpts from Aura information security’s 2021 cyber security market report.

It’s obviously not realistic to extrapolate that 55% response to all businesses in Aotearoa, as that would equate to more than quarter of a million ransomware attacks locally in the past year, and the inconsistent answers probably reflect uncertainty, even among business leaders, about how to categorise and communicate about these threats.

The fact is that no one really knows how many businesses have suffered at the hands of cyber attacks, or to what extent. And that highlights the significant challenges faced by businesses, cybersecurity professionals and government in coming to terms with the impact of cybercrime on the country. 

Cert NZ, the government agency charged with understanding and responding to cybersecurity threats faced by New Zealanders, released their most recent quarterly report last week. The report looks at 2,072 incidents reported to Cert between July and September this year and identifies 18 that are categorised as ransomware. The previous two quarterly reports included 30 and 22 ransomware reports, respectively, for a total of 70 incidents across both business and home users in the first nine months of 2022. 

“No one is mandated to report to us,” says Nadia Yousef, incident response manager at Cert NZ, about the nature of their insights. “All of our incident reporting is just from incident reports that come in from the public. It is people reaching out to get advice, or to let us know so they can contribute to our understanding of the landscape.”

Cert NZ incident response manager Nadia Yousef says no one is mandated to report ransomware attacks. (Photo: supplied)

The very nature of cyber attacks, especially ransomware, means that it’s difficult to get a clear idea of the prevalence locally or internationally, because victims are often reluctant to disclose the attack. But it seems apparent by most measures that the risk to businesses continues to increase as businesses become more connected.

A point made in the Aura report, and echoed internationally, is that remote working has significantly increased risk to many businesses. Home computers connected to business networks via VPNs, and other remote working solutions, have dramatically increased the number of ways that attackers can get into corporate networks.

“Almost two years of playing ‘go home, stay home’ and we’ve moved much of our lives online during lockdowns. It’s become a much better attack surface for attackers,” Yousef confirms. 

More Reading

    Neither Aura’s report nor Cert can offer any magic solutions for New Zealand businesses. Instead, they have only warnings about increasing risk and the need for vigilance in the face of a trillion dollar international criminal ecosystem.

    “Even though it can sound really scary, and of course the incident volumes that we see are going up, the financial loss numbers are going up, and it can seem very ‘doom and gloom’ — there are some pretty tangible steps we can take to stay in front of [the risks],” says Yousef, of the advice Cert offers to New Zealand businesses and consumers. Long and unique passwords, two factor authentication and keeping software updated are the most useful. 

    For some (possibly unknowable) number a businesses the internet will bring pain and frustration at the hands of cybercriminals, but for most it will deliver opportunity, productivity and growth. Thankfully. 

    Keep going!
    Image: Archi Banal
    Image: Archi Banal

    InternetDecember 10, 2021

    The world looks different with a map in your pocket

    Contributing writer
    Image: Archi Banal
    Image: Archi Banal

    Digital maps are highly convenient, but what do we lose without the art of handmade cartography? Shanti Mathias explores for IRL

    “A map is a magical line that locates you in the world,” says Donald Preston, a visual design lecturer at Massey University. Like a GPS, I suggest: the dot that is your body rendered bright against the pixels of your screen. “The idea of the word map has changed,” he replies, sighing. “I’ve got over seeing [digital maps] as the devil; they’re terribly useful in their way.” Preston has loved maps all his life, and did his masters in the “emotive cartography” of maps – how we feel about the way that maps represent our world. 

    For thousands of years, humans have drawn maps to represent the world. Until the last few decades, those maps were always static; you could flip through the pages of a road atlas but you had to know how to read a map to correlate your location with the paper. Now, though, GPS technology is ubiquitous, the solid smooth cellphone in everyone’s pocket communicating with satellites orbiting thousands of kilometres above the land, locating you to an accuracy of 10 metres or less. 

    Maps are perhaps one of the most visible ways that the online world has real world consequences. In the 17 years since Google acquired Australian company Where 2 Technologies and launched Google Maps, digital maps integrated with GPS have become available on almost all smartphones. Consequently, our relationship to maps has completely transformed. 

    Digital phone apps are good for many things. Finding your way through an unfamiliar city. Discovering local businesses. Estimating how long it will take you to get somewhere. Generated by a mix of satellite data, cars with cameras, and surveying usually done by governments, these maps work exceptionally well in urban areas. Beyond that, though – anywhere the cellular network is patchy, or the named streets few – these apps are less useful. 

    In October 2020, for example, Radio New Zealand reported that farmers across Aotearoa were being confronted by strangers wandering through their land, because Google had failed to mark their roads as private. “Someone came through in the middle of the night [and] managed to reverse into a drain then they had to get out to get help,” farmer Fiona Hastie told Katie Todd. “They shouldn’t have been there in the first place.” Google had apparently decided that the roads were public from satellite images and location data. Google and Apple Maps are products optimised for urban areas, but don’t convey other useful information about land, like ownership boundaries or the shape and location of hills. 

    Comparing topographic map of Mangawhau to the Google Maps shows how these tools are designed to convey different information. (Image: Google Maps/LINZ/Shanti Mathias)

    For those who spend time outside of cities, locally designed apps with locally designed maps are important. “I’ve always loved topo[graphic] maps,” Stephen Tallon says. Tallon is the man behind Right Place Resources, the developer of Android and Apple apps that provide fully offline copies of the LINZ maps of New Zealand. These apps are popular; Tallon estimates that 1% of the New Zealand population has downloaded them, with the South and North Island at #1 and #2 in the App Store for navigation respectively.  

    The topographic maps LINZ produces have contour lines, showing how steep hills are. They also indicate types of land – a forest, an icy glacier, a sandy riverbank, a swamp – and tramping hut locations. This is a different kind of information to the flat, bland features of the default Google and Apple Maps that come loaded onto most smartphones. 

    “It’s a lovely way of showing information you don’t get from a street map,” Tallon says. His apps are mostly used by trampers and hunters, with overlays available to show hunting permit areas. Unlike Google and Apple, Tallon doesn’t gather any of a user’s location data, though users can add waypoints or mark routes to customise the maps for themselves. 

    “My research was a boring old love affair with cartography,” says Preston, the design lecturer. It was the art that spoke to him, but the semi-automatically generated digital maps leave him cold. “There’s no desire for aesthetics. It is practical, but it’s not easy to read – aesthetics engage you with a map.” He acknowledges that digital maps can be objects of beauty, but they aren’t usually the ones used for navigation. 

    Digital maps are convenient, but most aren’t beautiful. (Photo: Icas94 / De Agostini via Getty Images)

    Tallon, who originally created his map apps so that he could have topographic maps on his phone, agrees. “There’s that handcrafted element of beauty in the [topographic] map that makes information easier to understand,” he says, a je ne sais quoi that is lost in standard apps. To look at a street map of your city might be very helpful for visiting a friend’s new house, but will give you little information about the land you traverse to get there. 

    That said, maps – topographic or standard – are powerful safety tools, and Tallon says that many search and rescue teams use his app. Lots of search and rescue missions are because people get lost, he says, not because they’re stuck. “You can largely eliminate that with maps and a GPS.” Even in cities, knowing where you are can be immensely useful if you need to find someone else, or return home.

    Ultimately, maps are a way to learn how to navigate the world. Does the pervasiveness of digital maps change how people explore? “I wouldn’t find my way through a [new] city with a map,” Preston says. Instead, “I’d explore, then think about it afterwards”. He worries that when everyone has a map in their pocket there is no compulsion to discover. 

    But perhaps the opposite is true. A shiny GPS circle on your screen situates you, Tallon says, so that “you are more connected with your environment”. Knowing where you are offers the confidence to traverse new places. “A map lets you see what’s there that might be beyond the horizon,” he continues. Explore first the map, then the world. 

    Internet