Colin James, Vodafone head of security; Dr Ryan Ko, University of Waikato lecturer; and Grant Hopkins, enterprise director Vodafone, at the Security Briefing.New Zealand\u2019s primary industries have the poorest understanding of cybersecurity threats and are the least prepared to manage them, according to the Cyber Security NZ SME Landscape 2014 survey.\nThe survey, conducted early this year, covered 500 businesses across New Zealand. The majority of participants surveyed were in the service industry (56 per cent), followed by primary (15 per cent), retail (15 per cent) and secondary industries which include manufacturing and transport and storage (14 per cent).\nPrimary industries support the bulk of the New Zealand economy, says Dr Ryan Ko, senior lecturer at the University of Waikato. These industries include agriculture, forestry, fisheries, electricity, gas, mining and construction.\n\u201cIf these and other export companies will face security glitches that might take the business down, it is not them who will just be affected, the whole of New Zealand is affected,\u201d says Ko on the key findings of the survey.\n\u201cWe are on the same canoe, if one canoe has a hole, it will sink,\u201d Ko tells CIO New Zealand at the cybersecurity briefing organised by Vodafone, which had commissioned the survey undertaken by the University of Waikato\u2019s Cyber Security Lab headed by Ko, and Colmar Brunton.\nKo says the \u201cgood news\u201d from the survey was that organisations holding \u201csensitive data\u201d such as banking, finance, insurance, and professional services companies that handle scientific data, have the highest awareness of cybersecurity threats.\n The goal is to create tools that will allow everyone to have capability to get back to business or address a security problem as easy as it is to send an SMS. Dr Ryan Ko, University of Waikato\nThe survey found more than half (56 per cent) of New Zealand businesses experience IT security attacks at least once a year, and that 70 per cent have been affected by computer scams, online fraud or viruses and malware.\nMoreover, nearly half of all companies surveyed (45 per cent) felt their business did not have adequate tools and policies in place to prevent or mitigate cyber threats.\n\u201cThe statistics are pretty alarming across the board but for the primary industries, it is particularly concerning when you consider the huge importance of the sector to the New Zealand economy,\u201d says Colin James, head of security at Vodafone New Zealand.\nGlobally, James says Vodafone sees around 65 billion cyber-attack indicators against its own infrastructure per month, but it is also seeing a marked rise in the number of attacks within New Zealand.\n\u201cYou get a lot of noise when it comes to security, how do you find that one little gem amongst all that noise that means something bad has happened and potentially you have been compromised?\n\u201cGeographical isolation isn\u2019t a safety net against threats. Gone are the days when all you needed was a firewall or virus scan to secure your company\u2019s private data. Threats are becoming more sinister and advanced in their capability; the players are the same, but the tools they have access to have evolved astronomically.\u201d\n The statistics are pretty alarming across the board but for the primary industries, it is particularly concerning when you consider the huge importance of the sector to the New Zealand economy. Colin James, Vodafone\nJames says there are also software update services for malware, so the malware updates itself. \u201cThey are taking a leaf from our own IT systems.\u201d\nThe rise of mobility also means businesses now grapple with security information outside the business environment, says James.\nMobile devices are outgrowing laptops, and there is more likelihood a tablet or mobile will be left behind in a bar or taxi compared to a laptop. The survey found 83 per cent of lost smartphones in 2014 resulted in compromised business data.\nSmall businesses or those with under 250 staff account for 30 per cent of targeted attacks. To avoid detection, most of the attacks and hacking occur during weekends.\nDespite these statistics, six out of 10 companies have no plans to increase their investment in IT security, notes James.\n\u201cBusiness leaders and IT managers need to re-evaluate where information is sitting these days; who has access to it and what security policies they have in place to protect against and prevent attack,\u201d says James.\n\u201cThe future for true cybersecurity lies with the vigilance of IT decision-makers \u2013 to ensure their systems are capable \u2013 and network providers to build more intelligent infrastructure capable of acting on threats to protect not only an individual user, but the overall integrity of the network,\u201d says James.\nVodafone, he says, has deployed its own system called Vodafone Secure Device Manager (VSDM), which enables a company to remotely manage and secure any device on its network \u2013 whether company owned or part of a BYOD program.\n\u201cWe need to ensure information is protected, regardless of where it resides. Intelligent networks operate by understanding what devices are connected to it, who is using those devices, who and what they\u2019re communicating with and what they\u2019re talking about.\n\u201cWithout this intricate knowledge, businesses run the risk of creating chinks in their armour and opening themselves up for attack,\u201d says James.\nKo, meanwhile, says the Cyber Security Lab at the University of Waikato is working on user centric tools. \u201cThe goal is to create tools which will allow everyone to have capability to get back to business or address a security problem as easy as it is to send an SMS.\u201d\nSend news tips and comments to firstname.lastname@example.org\nFollow Divina Paredes on Twitter: @divinap\nFollow CIO New Zealand on Twitter:@cio_nz\nSign up for CIO newsletters for regular updates on CIO news, views and events.\nJoin us on Facebook.