New Zealanders need to better understand the risks of prioritising user features over security when it comes to the many internet-connected devices we use, says a Massey University cybersecurity expert. At the Massey University Future NZ Forum on Cybersecurity this month, Dr Andrew Colarik, a senior lecturer with the Centre for Defence and Security Studies, discussed the many ways in which our personal, company and national security information can be extracted and used against us.
Dr Colarik warned that New Zealand hasn’t invested heavily enough in infrastructure to make the country resilient against denial-of-service attacks, or to keep data safe. The problem, he says, is the infrastructure we have built is scaled for New Zealand’s population, but that same infrastructure connects us to the rest of the world.
“Everything we do in this country is now so dependent on the free flow of information and the connections that we maintain. Any disruption to that will have huge, cascading effects,” he says.
“A large denial-of-service attack could shut down communications to the whole country quite easily. If targeted for competitive or political reasons, there are very few organisations that would be resilient to that sort of attack.”
He says both individuals and organisations need to understand that communications infrastucture, by its nature, is not secure. “There are only measures of security,” he says. “The notion that the internet is secure is just salesmanship.”
He asked how many of us really think about the access we give to our information when we download an app or a game like Pokemon Go! “Pokemon Go! has the right to take all your pictures, all your contacts, basically everything on your phone and send it to the mother company. The company that owns it, their net worth increased by billions – how is that possible if the data isn’t worth something?”
In this digital landscape, New Zealand’s economic livelihood faces real threats, Dr Colarik says. New competitors are emerging all the time – and some will have the know-how and motivation to extract information for competitive advantage.
“What happens when an organisation’s own information is used against it? Customer details, costing and pricing structures, and other intellectual properties are all there for the taking if not properly protected.”
But he says this is not just a national security problem for the government to deal with.
“Sure, more investment in infrastructure is helpful, but what we really need is a cultural shift to strike the right balance between user features and security, and data useage and privacy. You can’t have your cake and eat it too.
“This needs to be done at a whole-of-society level. We all need to take responsibility for the level to which we share our personal data, and we need more education and greater discussion about who owns and controls our information. A genuine public/private partnership is essential for ensuring everyone’s prosperity in our digital future.”
After his speech Dr Colarik was joined by a panel of industry experts to discuss the strategic cybersecurity issues facing New Zealand and to share insights on how to make organisations more resilient to cyber-attacks.
They also acknowledged there was a lack of capability in New Zealand for dealing with cybersecurity issues, but identified it as an opportunity for the future.
“There is a global skills shortage – 1.5 million cybersecurity roles currently unfilled globally,” Ross said. “We have an ability here to actually build a workforce that we could be exporting in terms of skills and resource capability.”