Whakapuakitanga
Foreword
In the 2022/2023 year, the NCSC recorded 316 cyber security incidents we disrupted, detected, or advised on. The proportion of financially motivated activity has exceeded state sponsored activity for the first time and the criminal activity we observe has greater potential impact to New Zealand’s wellbeing.
Organisations in Aotearoa New Zealand are defending against an increasingly complex cyber threat environment. We see heightened determination from cyber-criminal actors attempting to extort payment from organisations that are increasingly aware of – and resilient to – extortion and manipulation tactics. Meanwhile malicious cyber actors are adopting new techniques and technologies, challenging orthodox detection methods.
With the rapid arrival of emerging technologies like generative artificial intelligence (AI), organisations seeking to benefit from these advancements must be prepared to govern their use, and control for privacy and security risks associated with their adoption.
The NCSC continues to adapt in order to better position the nation to respond to this rapidly changing environment. This reporting year we estimate NCSC advice and capabilities prevented $65.4 million in harm to nationally significant organisations. Over the last four fiscal years, the number of incidents detected by NCSC capabilities accounted for about a third of total recorded incidents.
In June, we supported the provision of our award-winning disruption capability, Malware Free Networks® (MFN®), to defend the customers of a major telecommunications provider. As the result of growing partnerships, our cyber threat intelligence now directly protects millions of New Zealanders and their businesses.
Recently, Cabinet directed the integration of NCSC and New Zealand’s Computer Emergency Response Team (CERT NZ) functions to form the lead operational cyber security agency for Aotearoa New Zealand. By bringing together our people, capabilities, and domestic and international partnerships, New Zealanders stand to benefit from the consolidation of our mandates, along with a consistency of advice, and clearer knowledge about where to turn in the event of a cyber security incident.
This report offers actionable insights into Aotearoa New Zealand’s cyber threat environment, including mitigations to recurring tactics malicious cyber actors used effectively in high-impact incidents over the reporting year. We encourage organisations to use these to identify opportunities to uplift their cyber resilience when they review their cyber security controls and governance – and to reach out for further support as needed.
Lisa Fong (she/her)
Deputy Director-General, National Cyber Security Centre