Cybersecurity expert Michael Jagusch believes most hacks involve social manipulation. Photo: 123RF
The cybersecurity agency has revealed more than half of New Zealand's small-to-medium businesses have been targeted by hackers and scammers in the past six months.
A new survey released on Thursday by the National Cyber Security Centre says the volume of cyber attacks on local businesses.
"Our research shows that [53 percent] of New Zealand's small-to-medium businesses experienced a cyberthreat in the last six months," mission enablement director Michael Jagusch said. "That's significantly higher than the 36 percent reported in last year's research."
He said businesses were keenly aware of the threat, but didn't understand how best to protect themselves.
"On one side, organisations believe cybersecurity is important, but they sometimes feel that they are already doing enough," he said. "This is maybe preventing them taking some steps that we would like them to."
Jagusch said the most impactful steps a business could take were regularly backing up their files and using two-factor authentication, which sends users a unique code each time they log in.
"What that means is, even if a cyber criminal gets hold of my password, they might not be able to access my systems, because there's another step in place, another layer of protection," he said.
"I think more people need to adopt it and more businesses need to be using it for some of their systems. It is a relatively simple, but a really effective way of adding another layer of protection."
Though popular culture often depicted hackers writing code in a dark room, Jagusch explained that the vast majority of hacks involved social manipulation.
"The most common threats reported to us through the research were scam calls and phishing, and those are normally when somebody is trying to gain some information from you and maybe use that information to access your system, or they're trying to trick you into paying them money," he said.
"I think it's important to remember that cyber criminals will normally try to do the least amount of work possible. If I can just ask you for your password and you give it to me, that is far easier than hacking into a system or gaining access through a different way.
"That's why we really encourage businesses to do the basics and to do the basics really well, because that will prevent you from the vast majority of threats that we see."
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
