Hackers hit the weakest link - us

All it takes is a USB drive to hack into someone's computer (Getty)
All it takes is a USB drive to hack into someone's computer (Getty)

New Zealand is now the 18th most-hacked country in the world, and there is growing concern about the increasingly sophisticated measures hackers are using to break into Kiwi businesses.

When most people think of hacking they picture a person in a dark room with a computer. But as technology continues to evolve, so do the ways people carry out a hack.

Origin IT's Joerg Buss is hired by businesses to break into their systems and highlight their weaknesses. He says hackers now often work from the inside.

"Most of the companies they have one outside defence line, and inside there is really a lot of trust - so once I pass this barrier I can do whatever I want."

To get through the front doors, Mr Buss often poses as an IT specialist or a maintenance man for the vending machine or air conditioning.

"The people trust others and each other, so it makes it easier to get access to information."

Mr Buss says he often picks up passwords written on post-it notes on screens, or plugs in a USB drive used to steal software. He even leaves the drive lying around and waits for an employee to do the job for him.

Employee curiosity can also be exploited. Origin IT says around 50 percent of unidentified emails received by businesses are opened by employees - 30 percent of those then click on a link, which lets in an attack.

Jucy Rentals hired Mr Buss to put its systems to the test. Spokesman Dan Alpe says his employees were sent a dodgy email, and a small number of them clicked on the fake link.

He says even though only a couple of people fell victim, one is one too many.  

"When it comes down to the human level, that's when it tips over, and that was very interesting," says Mr Alpe. "I think we've got to find better ways of communicating with our staff around this."

The Institute of Directors has praised Jucy for sharing its experience with a hacking expert, and is encouraging others to follow suit.  

"If you're a modern relevant business who wants a future, you've got to be talking to cyber experts and you've got to have your cyber security looked at," says chief executive Simon Arcus.

Especially as ransomware email attacks increased by 160 percent in New Zealand last year, and only by 50 percent in the rest of the world.