Good cyber security practices are a responsibility for all New Zealanders, as cyber security challenges are increasingly interconnected. Individuals, small-to-medium enterprises, the public sector, and critical national infrastructure are all potential targets of malicious cyber activity, as are their supply chains, and the impact can be felt beyond the original target.
Sophisticated cyber actors have continued to demonstrate the intent and capability to target Aotearoa New Zealand. A wider range of state-sponsored malicious cyber activity, and increased activity from some traditional cyber adversaries, was observed this year.
Advanced cyber tools and techniques are more readily available to malicious actors than ever before, lowering
barriers to entry and making it easier for them to work at scale and cause serious harm. Rapid developments in
enabling technologies such as artificial intelligence are also helping attackers to identify and exploit vulnerabilities more quickly and efficiently than ever.
Despite this growing sophistication, however, common techniques continue to be used by threat actors across Aotearoa New Zealand’s domestic cyber threat landscape. This means there are also well-known cyber security controls that could prevent these incidents from occurring.
The NCSC encourages readers to familiarise themselves with the techniques described in this report, and, most
importantly, take action.
The NCSC’s work to improve the nation’s cyber resilience continues, but it cannot do this alone. The majority of the country’s cyber security capabilities exist outside of government, so everyone must take a proactive approach to protecting their data and infrastructure, and, where relevant, their customers.