What we've seen
Reported incidents
In 2018, incidents reported to CERT NZ increased by 205%. These reports were received from individuals, small businesses and large organisations from all over New Zealand.
Top incident categories
The top three incident categories for 2018 were also the highest in 2017.
1,550 Phishing and credential harvesting reports
1,136 Scam and fraud reports
303 Unauthorised access reports
Financial loss
18% of reports made to CERT NZ had some form of financial loss with a total value of $14 million.
Over $8m of this loss was attributed to scam and fraud reports.
65% of the reports of financial loss affected individuals.
Vulnerability reporting
Vulnerability reports present a chance to prevent a cyber security incident before it occurs. Vulnerabilities reported to CERT NZ have ranged in severity and complexity.
124 vulnerabilities were reported to CERT NZ in 2018, 22 were managed under our coordinated vulnerability disclosure service.
For coordinated vulnerability disclosure, CERT NZ acts as an intermediary, coordinating with the finder and the vendor to get the vulnerability fixed.
Websites and web servers accounted for over 60% of vulnerability reports made to CERT NZ in 2018.
What we've done
Get Cyber Smart
Get Cyber Smart is CERT NZ’s primary platform to reach everyday Kiwis. In 2018 we worked with 95 partners who helped us reach more people than ever before.
Exercises
In 2018 we contributed to the national and global cyber exercise programme, contributing to and participating in four cyber exercises which help us test our national and international ability to respond to cyber security incidents.
Advisories
Advisories are our early warning system for New Zealanders. We triage incident reports we receive, and information about international cyber threats to get timely, actionable advice out to New Zealanders so they can protect themselves online.
We published 16 advisories in 2018.
