News & Thoughts from the Axenic Team
Axenic is proud to announce our new product offering which will substantially improve security at government agencies!
Government agencies have been telling us for years that they have struggled to implement the cable colour standards in the NZISM. Hampered by the fact that they don’t own the data centres, that it is hard to discover which cables are carrying which traffic, and that many of the data centres are overseas – agencies have given up. No longer!
Primarily the story about the Russian invasion of the Ukraine is one of great human tragedy. Nothing I write here is supposed to take away from the fact that the main story is about the suffering of the Ukrainian people.
Even at the other end of the world here in Aotearoa New Zealand, however, there will be impacts. Though they may just be echoes of the fury in Europe. It’s no secret that cyber attacks are part of Russian military strategy, nor that New Zealand organisations have been the victims of Russian cybercriminals. So what effects – if any – will the war in the Ukraine have on cyber security here?
Recently I’d been helping a customer negotiate their cyber security insurance – which turned out to be trickier than I expected. This got me thinking about the role that insurance played in cyber security. Then – coincidentally – I was reading a book on security (Paul Martin’s great “The Rules of Security”) and came across this sentence: “Insurance is sometimes described as a means of transferring risk, but it is really more of a mechanism for softening the financial impact of a loss.” (p 73). It got me wondering – at Axenic have we been thinking about insurance all wrong?
A few years ago there was an ad campaign for New Zealand making fun of the fact that we are often left off maps. When looking at cyber security news it often feels like we are missed off the map too. There were plenty of international round-ups of cyber security events for 2021, but few mentioned what happened here in Aotearoa New Zealand. To redress the balance, here’s our list of New Zealand’s publicly reported cyber security events from 2021:
All the experts agree – cyber security should be an organisation-wide concern. And yet, in my experience too many organisations, and too many people in those organisations think that cyber security is solely the concern of (a) the security team, or (b) the IT/digital team. In case you need convincing my favourite response is that if there is a cyber-attack (or incident) then it is not the IT team’s job that is at risk, but part of the organisation (if the HR system is compromised it is the HR team who won’t be able to work, not the IT or security teams). Who knows what the impact is of an attack? It’s not IT, that’s for sure. And who is best placed to balance off the needs of the organisation with the cyber risks? It’s not security: if you left it up to me, I’d turn everything off! That’s the only way to be sure (and I get no benefit from it being on, so…)
Recently I had an unpleasant privacy experience. I went to buy a concert ticket for my mother online and as part of the checkout process I was required to provide my date of birth and my gender! I was baffled and annoyed. What possible good reason could they have for this? It wasn’t an age-restricted gig and in any case, they didn’t ask for my mother’s date of birth but mine! I can think of plenty of bad reasons: