Ahead of Cyber Smart Week and following the cyber attack on Australian telecommunications company Optus, 1News checked in with three major players in the New Zealand market to see how Kiwis are being protected from cyber crime.
The computer hacker who stole the personal data of almost 10 million customers of a telecommunications company in one of Australia’s worst privacy breaches used techniques to conceal their identity, actions and whereabouts, police said on Friday.
But Optus maintains it was the target of a sophisticated cyber attack that penetrated several layers of security.
1News spoke to telecommunications companies, Spark, Vodafone and 2degrees about their security measures and how they help keep their customers’ data safe.
Vodafone/One NZ
Sam Sinnott, spokesperson from Vodafone, said it’s aware of the cyber attack on Optus, “and like all large companies, we take our responsibilities around cyber security extremely seriously”.
“Due to the sensitive nature of this topic, we can’t share more detail with you, however we regularly test and review our cyber security defences, including the technology, processes, and training that we have in place to keep our customers, systems, and employees secure.
“We can also share that DEFEND is an award-winning company themselves and their expertise is invaluable to New Zealand businesses. DEFEND offers a range of threat protection services as well as incident response and security management and has won multiple awards including Microsoft’s New Zealand partner of the year for 2022,” Sinnott said.
At an announcement about the company’s rebrand to One NZ last week chief executive Jason Paris said Vodafone has a 24/7 manned cyber defence centre.
He said every business customer will have the opportunity to upgrade to Microsoft’s premium security offering as Vodafone becomes One NZ.
“Given what’s happening recently in Australia – the security breaches and the constant attacks that New Zealander’s don’t see but we defend every single day – it’s a great thing for New Zealand businesses,” Paris said.
Paris said the company has a range of world-leading technology solutions that makes sure “we are sensing in real-time all of our applications, all of our networks to make sure our customers are protected”.
Vodafone has several web pages dedicated to its security services along with educating customers on how to keep their information safe.
Spark
A Spark spokeswoman told 1News it operates one of the largest security operation centres in the country with over 180 security subject matter experts.
“Eight years ago, Spark became the first New Zealand entity to join FIRST (the global Forum of Incident Response and Security Teams) where membership is based on referral and on meeting strict criteria. Currently FIRST has more than 600 members, spread over Africa, the Americas, Asia, Europe and Oceania. To this day, only two New Zealand organisations are FIRST members (Spark and CERT NZ).
“The ever-changing nature of technology has brought with it an increase in sophisticated attacks and a different range of adversaries for security professionals to combat.”
Spark says it’s made significant investments in building its “threat intelligence platform”.
”While all organisations need to be prepared for cyberattacks, the nature of our business means that Spark has made particularly significant investments in building our threat intelligence platform and adopting industry best practice frameworks, such as MITRE ATT&CK (a curated knowledge base and model for cyber adversary behaviour), to ensure we continue to evolve our ability to protect and detect potential threats.
“We have also invested in security automation, orchestration, and machine learning, to stay ahead of ever evolving security threats.”
The company has a cyber security incident response plan that governs how it respond to any cyber security threats.
“We also have processes in place to ensure that appropriate ownership, oversight, and ongoing risk management is applied to our customers’ and Spark’s IT systems and data, with our cyber security subject matter experts providing oversight. Our processes are independently assured by our risk and internal audit functions and are often externally validated by qualified cyber security consultants or auditors.
“All of the measures outlined above both continue to ensure the security of our own networks, and also support Spark’s corporate and enterprise customers with their security needs,” Spark’s spokesperson said.
Spark has comprehensive pages on its website educating customers on how to manage their own security along with what the company offers in terms of protection.
2degrees
The CEO of New Zealand’s third largest telecommunications company told 1News “customers can feel secure that cyber security and protecting their data is of the utmost importance to us”.
“We take our responsibility seriously – as our customers expect us to – and sharing information on how we do that externally would potentially present a risk,” Mark Callendar said.
The company did not want to reveal any information about its software or how its cyber defence system works but said 2degrees is “vigilant” when it comes to protecting its customers.
“What we can say is that we continually invest in security, and we conduct regular, independent testing to ensure we are maintaining best practices. Scammers and hackers are sophisticated and purposeful, and we remain vigilant in our efforts keep our customers’ data and privacy safe.”
The company has several pages dedicated to help educate customers on being cyber-smart but less information about security measures it offers.
CERT NZ, a key component of New Zealand’s Cyber Security Strategy, is leading Cyber Smart Week next week and works with the police, the Department of Internal Affairs, the National Cyber Security Centre and Netsafe, to stay resilient to cyber security threats.
Discussion about this post