Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

No certainty in security Neil Sanson
24 April 2018

plate 141 goshawk final3

CERT NZ recently released their quarterly report for October to December 2017.

CERT (originally denoting Computer Emergency Response Team) receives computer security incident reports, monitors trends in incidents and attacks, and provides alerts and advice on how to respond to incidents and prevent further attacks. The reports CERT receives might be from individuals, companies or government agencies. CERT also receives some reports that are more appropriately handled by other agencies, so their system is designed to pass these reports on to NetSafe, Department of Internal Affairs, Police or the National Cyber Security Centre as appropriate.

There is some overlap between CERT’s area of interest and our interest in incidents that lead to the exposure of personal data. Many of the incidents reported to CERT involve phishing and credential harvesting. The phishing may use personal information from earlier privacy breaches. Credential harvesting may mean that some personal information has been harvested, but the larger risk to privacy is generally from the use that may be made of those credentials.

CERT categorises four percent of the losses reported as involving loss of data. Not all of this would be personal data. This indicates that most computer security incidents do not (as far as we know) result in the disclosure of personal information.

CERT’s reports help everyone to understand the risks to their data. This is why when people report data breaches to us which are the result of a computer security incident (such as hacking) we encourage them to also report the incident to CERT NZ at www.cert.govt.nz.

Image credit: Goshawk - via Audubon's Birds of America





No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.