New Zealand is facing an ever-increasing challenge when it comes to cybersecurity: our relative isolation from the rest of the world no longer exists in a digital universe, as we’ve seen with the rise of cyber attacks on our shores in recent years. That’s why we’re fortunate to have a growing group of homegrown security providers who are keeping us safe as we embrace the new normal of hybrid work and anytime, anywhere living.
Our annual partner conference, Microsoft Inspire, never fails to live up to the name. Every year we get to see the incredible work being done by Microsoft partners, both locally and around the world, and I’m always encouraged by how well our New Zealand partners represent our small nation on the global stage.
And if one thing stood out about this year’s innovators, it was how so many of them are working in security. It really brought home to me that the quality and capabilities of our security providers is what will underpin the success of all our digital innovation in the years to come. The truth is, we can’t build castles in the cloud without some pretty strong defenders giving us the confidence to stake out exciting new territory, and backing us up to win.
The cybersecurity landscape has shifted dramatically since the pandemic, for obvious reasons. As we’ve all been catapulted into hybrid and remote working (in many organisations, for the first time), it’s opened up amazing new ways of working and engaging with customers – but also created countless new pathways for less desirable contacts to engage with us. Microsoft’s new global Cyber Signals report focuses on the worrying rise of “ransomware as a service”, where anyone with a desire to disrupt can simply hire ransomware from professional hackers to start their own criminal operations. This isn’t just an international trend. In the first quarter of 2022, CERT NZ reported ransomware attacks being up almost a third on the previous quarter.
As a number of high-profile local organisations have learned to their cost, “remote” doesn’t mean an equally remote chance of cyberattack. So what can we learn from some of our leading security partners?
DEFEND the whole supply chain
At Inspire, we recognised the achievement of our New Zealand Partner of the Year, DEFEND. DEFEND are leading the pack on a new approach to cybersecurity in New Zealand, working closely with key organisations to build security into their business strategies by design.
Too often, cybersecurity is seen as something to add on to existing services. First you build your system, then you buy a security product to defend it. Job done.
Except, there’s a lot more to it than that. DEFEND recognises that true security needs to apply at every step of the technology supply chain: not just on the services you use directly, but the services your suppliers use, and so on and so on, all the way through. There’s no point checking ID at the door if your building is made of Swiss cheese.
This approach is reshaping the approach New Zealand’s biggest organisations are taking to security, and it’s a major reason why DEFEND also won the Security Award at last year’s Microsoft New Zealand Partner Awards for its work with Foodstuffs.
Bring the best of global to the local level
Meanwhile, it’s fantastic to see the likes of Microsoft Global Security Partner of the Year, EY, launching specialist Cyber Security Centres here in New Zealand, to help organisations like Fonterra enhance their security postures.
EY’s services are built on Sentinel, Microsoft’s cloud-native security information and event management (SIEM) platform. According to Nicola Hermanson, EY NZ Cyber Consulting Lead, it’s crucial that cybersecurity providers have both the latest tools and local knowledge to be able to customise the services they provide to Kiwi organisations, rather than take a one-size-fits-all approach.
“Too often we talk to clients whose cyber security provider runs everything from offshore or small onshore capabilities. However, a security provider based exclusively overseas will never understand the intricacies of the New Zealand market, or be fully across all of the threats we’re exposed to. By having local professionals, along with our capability across the globe, we’re able to keep our finger on the pulse locally and provide a personalised service. At the same time, having a global network to tap into means we can also be available at all hours of the day,” she says.
EY joins PwC, which launched its own Cloud Security Operations Centre here recently, as well as major local provider Datacom, which announced its own managed security service, Citadel, last year. Citadel works alongside Microsoft Azure Sentinel to filter the millions of security events recorded for its customers and identify suspicious activity that needs investigation by Datacom’s skilled analysts.
Together, these leaders are combining the best global security standards and technologies with local knowledge to protect some of our largest and most mission-critical organisations.
Have a security roadmap
Above all, while security is the guardian at the gate, that means it also holds the key to exploring what lies beyond it. Businesses wouldn’t be able to digitally transform and move outside their old boundaries if they couldn’t trust their operations and data would be well protected. The answer is to have a great roadmap, with all the right elements built in from the start.
Microsoft Gold Security partners like Kordia and CyberCX offer their expertise on a wide range of issues, and will help with forward planning in a dramatically changing climate, supporting businesses to map out their transformation journey in a secure way.
These are uncertain times on plenty of fronts, and if we’ve learnt anything from the past couple of years, it should be that preparing for the worst eventuality is a much better approach than trying to play catch-up after it occurs. That’s the approach we need to take on security, and with such amazing expertise to make use of right here in our own backyard, there’s no excuse not to start right away.