One of the most bizarre data breaches involved a fish tank in a Las Vegas-based casino. The fish tank had a thermometer that was wifi-enabled and that’s exactly what allowed the attackers to get on the casino’s computer network and steal large amounts of personal data. Needless to say, the financial and reputational disaster that followed was phenomenal.  The attack still features at the top of many Google searches.

This story is six years old and one would think that the level of preparedness to handle risks of data breaches is much better.   Well, it isn’t.

Cybersecurity Readiness Index findings

According to Cisco’s 2023 Cybersecurity Readiness Index, only 15% of organizations globally have a mature level of preparedness to handle the security risks of the hybrid world. In Aotearoa, or New Zealand, that figure is even lower with only 14% of organizations falling into the mature stage of readiness.

This correlates with a higher percentage of cybersecurity leaders in New Zealand (69% compared to 57% of respondents globally) having experienced some form of a cybersecurity incident in the last 12 months.

Combined with the figures from CertNZ, the picture is not exactly rosy.  According to the Cyber Security Insights 2022, CertNZ recorded an average of 2,166 reported cyber security incidents per quarter, averaging a loss of NZ$4.5 million per quarter.

What should Kiwi organisations do?

Similar to rugby, there are a few strategies that businesses can take to address security gaps.  They can pivot their attack towards the weakest security area – the spot where they are most exposed.  While this has a potential for quick wins by preventing certain types of attacks, some businesses may view this as a piecemeal strategy.  After all, exploiting weaknesses in an enemy’s lineup does not guarantee victory.   A combination of tactics stands a far better chance.

It’s a mix of attributes such as physical strength, mental preparation and memorising game strategies that a successful rugby game needs.  Along these lines, a business is much more likely to prevent a data breach with a combination of approaches than when it banks on a stand-alone tactic.  Irrespective how polished that tactic might be.

Start with the basics

Helping local businesses tackle the cybersecurity basics and prevent potential attacks, CERT NZ has put together top 11 tips for simple, practical steps.  Preventing unauthorised access and credential theft via multi-factor authentication (MFA) is at the top of the list.

MFA is a great first step towards securing your baseline. Foundation of a zero-trust security model, MFA protects sensitive data by verifying that the users trying to access that data are who they say they are.  MFA effectively protects against many security threats that target user passwords and accounts, such as phishing, brute-force attacks, credential exploitation and more.  So when a password is guessed, hacked or phished, MFA helps by placing a barrier (a second factor) between the intruder and the system they are trying to access.

Cisco Duo helps organisations with this challenge.  In addition to a strong user authentication, it also provides device verification, helping to ensure that devices accessing corporate systems and applications meet the necessary security requirements.

In addition, Cisco Duo helps you protect against MFA targeted attacks which, in the last few months, have become more prevalent.  While there’s not one silver bullet that can stop all types of attacks, Cisco Duo has capabilities that will help you minimise the chances of a breach.

Tackling email-based threats

Email breach as it has been reported as the route for 40% of ransomware attacks, often achieved through phishing. According to a recent study, when asked to determine whether example emails and SMS were real or fake, only 5% of Kiwi IT decision-makers were able to correctly identify them all.  With the score as low for IT decision-makers, we can only assume what the score of someone less familiar with IT and security would score.

This certainly makes the case for blocking email threats before users even see them.  A fast response to and remediation of new threats in real time will also be in high demand, particularly these days when new and more sophisticated threats are always on the cards.

Cisco Secure Email helps to address this pain point, protecting Kiwi organisations’ cloud email from phishing, ransomware and spoofing, while safeguarding data with data loss prevention (DLP) and encryption.

Kia kaha in the world of phishing

Protecting users wherever and whenever they click so they won’t end up on phishing sites remains a top priority. No wonder, as phishing is consistently the most reported incident category to CERT NZ, making up 59% of reports in Q1 2022.  On average, CERT NZ receives 73% more reports about this category than any other.

This doesn’t come as a surprise.  Many sophisticated attack campaigns are designed to lure users into visiting malicious websites or downloading infected applications.  In line with this trend, more and more Kiwi organisations have started to secure web traffic throughout their infrastructure and control how users interact with cloud-based applications.

Cisco Umbrella Secure Internet Gateway (SIG) provides such a capability, securing internet access and controlling application usage across networks, branch offices, and roaming users. As workers become increasingly mobile, SASE capabilities need to be the next point of emphasis for security.

Nah, she’ll be right

While we love the optimism of this phrase, cybersecurity tends to favor pessimism.  Perhaps the best proof is the well-known industry term that has become the North Star for many organisations – zero trust or “never trust, always verify”.  In line with this, Kiwi businesses should prepare for the worst and take proactive steps to stay on top of potential attacks.  Rather than opting for a standalone strategy, they should adopt a comprehensive approach, trying to kill a few birds with one stone.

Cisco Secure Email Threat Defense, Cisco Umbrella Secure Internet Gateway (SIG) and Cisco Duo, a part of Cisco’s Security Step Up promotion, deliver multi-layered defenses against phishing attacks, credential theft, and malicious web exposures.

The combination of the three solutions delivers simplicity. We know that security that’s difficult doesn’t get used.  Security that’s simple means easy to deploy, manage and use.  No need to rip and replace —it works with what you have.

The trio also delivers security resilience by reducing the need for investigation, response, remediation—even help desk requests.  That’s great news for your IT team which can subsequently focus on more strategic initiatives.

And finally, Cisco Secure Email Threat Defense, Cisco Umbrella Secure Internet Gateway (SIG) and Cisco Duo, are delivered on cloud.  Cloud security can help block threats earlier while protecting everything, everywhere. As you add more connections—users, cloud applications, devices, and more—you’ll be able to protect them quickly and easily against threats.

So yeah, once you’ve closed your security gaps with protection against phishing, ransomware, stolen credentials, malware, and other threats, you’ve pushed your level of security up a notch and there’s a greater chance that she’ll be right.

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels



Slavka Bila

Product Marketing Leader

Security Business Group