New Zealand Stock Exchange cyber disruption enters fourth day

Summary

The New Zealand stock exchange (NZX) halted trading operations for the final hour of trading on Tuesday, and then most of the trading day Wednesday, Thursday and again Friday morning due to distributed denial of service (DDoS) attacks which ‘impacted network connectivity’. The exchange reported that the attacks came ‘from offshore via its network service provider’, and it is unclear when trading operations will return to normal.

An alert had been issued last November by New Zealand based cybersecurity firm CertNZ that financial firms had received emails threatening them with DDoS attacks if they did not pay a ransom.

Report

Analysis

The fact that trading operations were interrupted due to a relatively unsophisticated DDOS attack, and that disruptions continue into a fourth day indicates potentially more serious underlying problems within NZX’s infrastructure. Stock Exchanges are critical financial infrastructure, and as such operational disruptions can have serious negative consequences for a huge number of clients. While the NZX is a comparatively small regional operation and does not carry the same global risk implications that would come from a trading disruption to a major exchange in New York, London, Chicago, Singapore, or Tokyo, it is always a concern when critical infrastructure gets breached.

It is also notable that this attack reportedly vectored through a third party—its ‘network service provider’. As we have previously discussed, the cyber governance of third-party cloud and managed service providers is just as important as a company’s internal cyber security, and is often the weak link that attackers exploit.

As the disruption enters a fourth day, questions are rightly being asked about NZX’s governance, including what standards are being applied and what resources have been deployed to adequately protect its digital assets? These are basic questions any company, let alone critical infrastructure operator, must be able to answer.

Close

Instantly download research in our library and be the first to get access to new content

Denis Bolshakov

Log out

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website