Cyber specialist 'teaches good guys bad tricks'

Chief executives are increasingly interested in training up for the fight against cyber criminals, hackers and disgruntled IT workers, a Wellington cyber-crime specialist says.

Aura Information Security managing director Andy Prow said a recent approach from the chief executive of a large New Zealand insurance company was the first in his six-year security training career.

Prow's company runs training courses, mainly for web and IT developers, entitled "Teaching Good Guys Bad Tricks", which focus on how to protect their systems against hackers and cyber criminals.

The chief executive, whom he would not name, was conscious of the ability of both external and internal experts to hack into the company's data and cause chaos or hold it to ransom, Prow said.

"He said they as the execs were the victims in many ways of IT and staff members inside the organisation being able to cause them huge pain, huge stress and huge impact by doing things that they didn't understand."

Eight top executives cleared four hours in their schedules for a workshop which showed them how easily their smartphones, laptops, social media accounts and work systems could be hacked.

"When data gets out it will be the CEO and the CFO who are going to be the ones answering the questions to the board and to the reporters, and therefore they are the ones that need to understand and manage the risk," Prow said.

Two more chief executives from "medium-sized, high-growth tech start-ups" had since signed up for similar training courses. Prow's comments came at a panel discussion on cyber crime in Auckland yesterday.

Chartis Insurance regional vice-president Ian Pollard told the gathering a PWC global crime survey ranked New Zealand fourth in the world for the occurrence of cyber attacks.

Malicious cyber threats included online banking fraud, cyber terrorism, industrial espionage, insider attacks from disgruntled employees, and external hacking.

"Modern businesses do not just simply access the internet any more, they entirely operate within it and that means there are a lot more devices, more channels and more opportunities where data can be accessed, stolen, corrupted or leaked," Pollard said.

He said 75 per cent of organisations in the Asia Pacific region had experienced a cyber attack in the past 12 months.

The consequences of cyber crime to companies were extremely hard to research, but one estimate from security software Symantec put the cost at $625m in New Zealand alone last year. Fairfax NZ

The Dominion Post