New Zealand businesses are at risk of attack from cyber criminals because they don't have the infrastructure necessary to fight them off, an expert has warned.
The warning comes as Prime Minister John Key visits China, a suspected source of many cyber attacks. Mr Key says New Zealand websites have been targeted, but won't specify where the attacks originated.
"The US has come out publicly and admitted that the White House, the Department of Defence have been attacked – they believe and have stated that this is coming from China," Paul Spain of IT support providers Gorilla Technology said on Firstline this morning.
"Also we've heard similar situations with Google, Facebook and Apple, so we can imagine that these sorts of things, these sorts of attacks might well be coming from China and from other parts of the world, certainly against our larger organisations and exporters – the likes of Fonterra and our bigger software firms.
"It seems highly likely, knowing what we know about the US cases, that these sort of things would be coming from China. We also know that North Korea is rumoured to have a team of at least 3000 that are working specifically on cyber warfare."
Mr Spain says small businesses are particularly susceptible to attack as they don't have the budgets to pay for much security.
"New Zealand small businesses are at risk… because they don't have the sort of structures to secure their information that governments do, and certainly not the same levels of budgets.
"One of the challenges that we have is that many small businesses have very weak structures around IT policy, security and so on."
Businesses that rely on free software are especially at risk of attack.
"Every business tends to use some free software – think of things such as Adobe Flash, Sun's Java software – those systems have actually been key attack vectors, and they're software that most organisations run," says Mr Spain.
"Also we see a lot of small New Zealand businesses that maybe work with an in-house IT person, or one individual that they outsource it to, those people often just don't have the level of expertise to know how to secure their systems."
An attack in Queensland last year saw a medical centre's patient details encrypted by cyber criminals.
"In this case they just said, 'Look, give us some money otherwise you can't have your data back,'" says Mr Spain. "It's very hard for a business to operate without the information that's on their computer systems."
Mr Key says the Government is "constantly upgrading" its defence against cyber attacks.