The pace of cybercrime in New Zealand is accelerating, with experts warning that 2025 could see even more sophisticated attacks.
Leaders in cybersecurity, from global figures like Yubico executives to local authorities like CERT NZ, emphasise the need for businesses to adopt advanced security measures, including digital identity wallets and passkeys against cybersecurity attacks. AI’s growing role in digital crime is making this an urgent priority.
A Growing Threat to New Zealand Businesses
Cybersecurity threats are growing in scale across New Zealand, with CERT NZ revealing that a third of small and medium enterprises (SMEs) faced cyberattacks between April and September 2024.
The NCSC recorded a 58% spike in incidents in the third quarter of 2024, underscoring the severity of the situation.
AI-driven phishing is a major concern, enabling attackers to launch highly effective campaigns. Chad Thunberg, Yubico’s chief information security officer, stressed,
“These types of attacks usually focus on convincing the victim to take action but can be mitigated by validating the request using an alternative communication path – ideally one that is known to be good.”
Tools for a Modern Cybersecurity Framework
The push for stronger cybersecurity measures includes the widespread adoption of digital identity wallets, which offer a secure way to manage sensitive data and guard against identity theft. These wallets provide users with control over how and when their personal information is shared.
Stina Ehrensvard, founder of Yubico, highlighted their role, stating, “Digital identity wallets aim to offer a new approach to the use of federated identities where users are in control of when and where their personal data is shared – and with whom.”
Kiwi businesses are urged to incorporate these technologies. Meanwhile, passkeys, which provide a secure alternative to passwords, are gaining significant attention.
Derek Hanson, Yubico’s vice president of standards and alliances, expects rapid passkey adoption, though he warned that “reliance on outdated methods such as SMS-based multi-factor authentication (MFA) could slow adoption.”
The Strategic Role of Governance
Experts argue that a successful cybersecurity strategy begins with leadership. Mark Baker, New Zealand country manager for Check Point Software Technologies, emphasised the board’s strategic responsibility, stating,
“Far from being a passive observer, the board must play an active role in defining, supporting, and overseeing cybersecurity strategies to ensure long-term organisational resilience.”
He also recommended that directors undergo specific training to address the latest threats, such as ransomware, AI-driven attacks, and deepfakes. Ensuring alignment with regulatory standards and proper resource allocation is key to maintaining resilience against evolving cyber risks.