Governments across the world, including in New Zealand, are engaging in “criminal negligence” by moving to centralise data without proper precautions, an Australian-based cybersecurity consultant says.
James Carlopio, director of Cultural Cyber Security, said most of the public and much of the business world underestimated how prevalent cybercrime was and the huge impact it could have on them.
“It’s time to panic. Wake up and smell the fear.”
Speaking at the All-of-Government NZ Digital Transformation Conference in Wellington, Carlopio singled out the shift to centralise health data as a particularly attractive target for criminals.
On the dark web credit card information could be bought for about $8, but a complete identity was much more valuable and would cost ten times that amount.
“That’s why I believe the centralisation of health data is being targeted, not only have we got all your identity information we’ve got your health information and we’ve got your financial information in a one-stop shop. We’ve made it once again very easy for the criminals.”
The Ministry of Health is working towards a single electronic health record system that would be accessible to patients, carers and decision makers as part of its Digital Health 2020 strategy.
It recently put out a tender inviting companies to submit business cases for the work, receiving 53 responses.
Carlopio said this work was inevitable and happening all around the world, but it was important that strong checks and balances were put in place and not sacrificed for ease of use.
“The doctors and the patients want it really simple and easy and open but you have to make sure that you realise the criminals are evil, I don’t know what other word to use.”
To emphasise his point Carlopio reeled off a list of figures illustrating the wide reach of cybercrime.
In 2017, losses across the world were estimated at US$615 billion, which would make it the 21st largest economy in the world.
New Zealand experienced the second largest number of ransomware attacks in the Southern Hemisphere last year.
Carlopio also stressed that while email scams and malware were huge problems the public also had to take personal responsibility to protect their own information.
Singling out social media, he said it was “insane” what people voluntarily put on Facebook including their address and where they were going.
“You don’t have to get off Facebook, but just get that any information you or your children have on Facebook is known to a criminal.
“So if you’re not comfortable with all of the information you have on Facebook in the hands of a rapist, a molester or some sort of criminal – if you’re not comfortable with that sort of person having the information don’t put it on Facebook.”
Governments not doing enough
In last month’s budget, the Government allocated a small funding boost of $3.9 million spread over four years for the agency charged with responding to cybercrime.
The Computer Emergency Response Team, or CERT, was created in 2017.
While the money will help, it is less than the $5.3m known to be lost by New Zealanders to cybercrime in the year ended April. That figure is just what was reported.
A recent report from CERT revealed pensioners were swindled out of $1m by cyber scams in the first three months of this year alone.
Carlopio said governments across the world were clearly underfunding cybersecurity and he didn’t believe they understood the gravity of the problem.
The only place that went against that trend in his opinion was London, which had declared its desire to be the safest place to do e-commerce and had taken serious steps to reach that goal.
“Governments have to get when they make things open and easy and centralised and put all that incredible juicy information in one place it’s the single most valuable resource on the planet to a criminal.
“As innovative as New Zealand is, as innovative as Australia is we’re losing because they have no restrictions, they have no funding problems.”
The rate of technological advancement was also working against those trying to combat cybercrime, he believed.
While “passport-level security” was often touted he did not believe this was enough and pointed to quantum computing, which would soon give criminals access to computers that could crack all current encryption and protection methods.
“We have to start waking up, we have to start behaving responsibly as adults and as the defenders and holders of centralised information the governments around the world are engaging in criminal negligence.”