2021’s Cyber Security Events: A New Zealand Perspective

A few years ago there was an ad campaign for New Zealand making fun of the fact that we are often left off maps. When looking at cyber security news it often feels like we are missed off the map too. There were plenty of international round-ups of cyber security events for 2021, but few mentioned what happened here in Aotearoa New Zealand. To redress the balance, here’s our list of New Zealand’s publicly reported cyber security events from 2021:

Read More

The Grass Looks Greener from Here: Cyber Security Should Be Like Health and Safety

All the experts agree – cyber security should be an organisation-wide concern.  And yet, in my experience too many organisations, and too many people in those organisations think that cyber security is solely the concern of (a) the security team, or (b) the IT/digital team. In case you need convincing my favourite response is that if there is a cyber-attack (or incident) then it is not the IT team’s job that is at risk, but part of the organisation (if the HR system is compromised it is the HR team who won’t be able to work, not the IT or security teams). Who knows what the impact is of an attack? It’s not IT, that’s for sure. And who is best placed to balance off the needs of the organisation with the cyber risks? It’s not security: if you left it up to me, I’d turn everything off! That’s the only way to be sure (and I get no benefit from it being on, so…)

Read More


Privacy is Precious

Recently I had an unpleasant privacy experience. I went to buy a concert ticket for my mother online and as part of the checkout process I was required to provide my date of birth and my gender! I was baffled and annoyed. What possible good reason could they have for this? It wasn’t an age-restricted gig and in any case, they didn’t ask for my mother’s date of birth but mine! I can think of plenty of bad reasons:

Read More

Cybercrime is the gift that keeps giving

Being the grinches that we are we thought that instead of giving you a gift this Christmas we’d give you a warning! You’ll get a lot of messages over the next few days and weeks wishing you season’s greetings. Amongst them though, will be well-wishers with more sinister motives. My family has already received a scam SMS: it told us we had a package with an outstanding duty payment on it (of $2) and we just needed to follow the link to pay the amount and release our package. This is pretty typical of delivery scams that many kiwis are receiving at the moment. Luckily we had a bit of skepticism and a handy cybersecurity expert to seek advice from!

Read More


Lame names for Cybercriminals

Sometimes I think my cybersecurity colleagues believe they are living in a spy novel. I mean, we are all guilty of trying to make our day jobs sound more interesting or trying to make them sound more ‘sexy’, but this industry in particular takes the cake. Even the name “cybersecurity” is like “oooh, I work in a William Gibson novel!” Though we can’t fault someone trying to make their job sound better than “security guard at an online shopping mall”. Read More

The security that dare not speak its name

There is a debate at work about what to call what we do. Actually, it’s not really a debate, more sort of a code of silence, or an agreement not to mention the subject in polite company lest it offends. When the subject comes up there is a sort of shuffling of feet, nervous laughter, “ahem”s and a subject quickly changed. But in Axenic’s spirit of transparency let’s get this out in the open: is what we do information security or cybersecurity? Certain people (I’m not naming names but they have numbered among our more beardy team members) have had such strong views that even using the word “cyber” at work is like a red rag to a bull. Actually, while I’m being honest, I have to admit that even though I am amongst the least hirsute of our team, I had strong leanings that way. Read More