Central Building Surveyors

News Ticker

How manufacturers can prepare for the ESPR
Tech isn’t the Hero, it’s the plucky sidekick
Finding Your True Competitive Edge: A Guide for Manufacturers
Fixing manufacturing’s billion-dollar harm problem
Steel awards showcase local industry’s expertise and sophistication
Aotearoa’s Industry 4.0 journey
5S – Not That Old Chestnut
Scott Aylett, SEA Electrical a winner

Cyber Security

Dave Pham_Senior Solutions Architect at Yubico

Tips to maximise your consumer-facing passkey implementation

Dave Pham, Senior Solutions Architect, Yubico Passkeys have taken the online security world by storm since their inception in mid-2022, even if the underlying technology can technically be traced back to FIDO2 and its breakthrough onto the world stage in 2018. Popularity has no doubt exploded due to their widespread adoption by the world’s largest tech companies – who also happen to be the most used identity providers collectively – as millions of users begin to make the shift. They are seemingly heading towards becoming the new de facto standard of secure authentication for both apps and websites alike.  This is a massive leap forward for account security considering the underlying fundamentals are grounded in cryptography, which makes them extremely resilient to hackers and represents an approach that is magnitudes more secure than the traditional password. Although the distinction between passkey and FIDO2 credentials is extremely subtle, and many will often use the terms interchangeably, it should be clarified that passkey can refer to both classic FIDO2 credentials that are strictly device-bound (such as with hardware security keys) or syncable credentials that reside across multiple devices, generally via a cloud service or identity provider. But regardless of whether or not they are device-bound or syncable, passkeys are still a relatively new concept, and many software developers and security experts are scrambling to understand how to best integrate them into existing services and products (especially for those transitioning from password-based implementations). The nuances and best practices that lead to an optimised flow within a robust passkey implementation are still being fine tuned, and the most seamless UX possible may not yet be fully realised. While the passkey landscape is nebulous and still evolving, the aim of this post is to highlight a few staple considerations to get the most out of any consumer-facing passkey implementation and guide […]

Safeguaring PIC 2

The importance of operational technology cybersecurity

Rockwell Automation has partnered with cyber-physical systems protection company, Claroty, to release a white paper on safeguarding Australia and New Zealand’s industrial systems. In the face of an ever-growing climate of cybersecurity attacks, operational technology (OT) security specialists bear the weight of safeguarding Australia and New Zealand’s most critical infrastructure. Ensuring uninterrupted essential services such as energy, food and beverage, healthcare, data processing, and mining industries demands utmost vigilance. However, the recent Rockwell Automation and Claroty survey of 42 C-suite executives and heads of security exposes a concerning truth – many OT systems remain exposed and vulnerable. “A lot of the challenges organisations face today can be traced back to the fact that OT has traditionally been operated and managed as a separate entity from conventional information technology (IT) environments,” says Anthony Wong, regional director, South Pacific, for Rockwell Automation. The survey bears this out with 26% of respondents admitting that there is a low or medium level of collaboration between OT and IT, and the two units could do better. “Increasingly, cybercriminals are exploiting sometimes lax OT security as springboards to launch a wider attack across an organisation,” says Wong. For example, a recent cyber-attack on a major Australian meat packing company, forced the temporary shutdown of 47 sites across Australia and a ransom demand of $14.2 million. Key Findings: A Wake-Up Call 65% of respondents detected at least one OT-related cybersecurity incident in the last 12 months. 60% of cybersecurity leaders believe their budget is not enough to protect their operations 29% of respondents were concerned that an OT security incident could disrupt their production. 26% of respondents admitted having low or medium levels of visibility into the operations of their network. 26% of respondents worry that attacks could compromise the safety of their employees or others Just […]

checkmarx PIC

Checkmarx launches supply chain solution

Checkmarx, has launched the Checkmarx Supply Chain Security solution to identify suspicious and potentially malicious open source packages across the modern application development lifecycle.  Attackers are shifting their attention to the software supply chain by abusing open source software ecosystems, which have traditionally been trusted by the worldwide developer community. Checkmarx is bringing a developer-first approach to detecting supply chain attacks in code packages, leveraging a comprehensive suite of threat intelligence, behavioral intelligence and machine-learning models. Supply chain security research and thought leadership Over the past few months, the Checkmarx security research team has identified hundreds of malicious open source packages. Research articles highlighting three main types – dependency confusion, typosquatting and chainjacking – are available in the Checkmarx blog. Working in concert with Checkmarx Software Composition Analysis (SCA), Checkmarx Supply Chain Security identifies anomalies in the health and security of open source projects, analyses contributor reputation and also directly interrogates the behaviour of packages via analysis within a detonation chamber. The result is full-spectrum software supply chain insight and analysis that closes a significant gap in organisations’ application security. Current solutions in the market are reactive in that they rely on community feedback to detect vulnerable code and analyse the code, but not the person behind it. The Checkmarx Supply Chain Security solution is built on the principle of ‘don’t take code from strangers’. Checkmarx Supply Chain Security enables organisations to accelerate modern application development using open source software safely and securely through a full suite of critical capabilities: Health and Wellness and Software Bill of Materials (SBOM):Provides knowledge of the open source package and community, combined with SBOM creation. Malicious Package Detection:Detects dependency confusion, typosquatting, chainjacking and other malicious activities and packages. Contributor Reputation: Restores trust in the provenance of open source packages by eliminating the need to manually analyse contributor activity across all projects that could impact an organisation. Behaviour […]

Meeting PIC

Meeting manufacturing’s cyber security challenges

Scott Leach, Vice President APJ at cybersecurity firm Varonis In February 2021, Security Intelligence reported a 156 per cent increase in ransomware attacks on manufacturers worldwide.Some of the biggest attacks included a demand for $US17 million  from a Taiwanese laptop maker and another attack for $US34 million from an electronics manufacturer for Apple. Verizon’s 2021 Data Breach Investigations Report also found the manufacturing sector facing a significant increase in ransomware attacks. These accounted for 61.2 per cent of all breaches in the sector analysed by Verizon. None of these reports offered any reason for this surge in attacks on manufacturers. Still, it has been well-reported that the increasing interconnection of legacy operational technology (OT) and newer information technology (IT) systems has greatly increased the attack surface for manufacturers. OT can now be compromised to gain access to IT, and vice versa. To make matters worse, OT systems were historically isolated from the internet and therefore were not designed to face cyberattacks. Manufacturers must double down on security, and ensure their data is protected and managed safely. This is particularly important for customer data and intellectual property, which could be extremely valuable to a rival organisation. Taking a data-centric approach to security Traditional security measures rely on a ‘walled garden’ approach. Anyone within the walled garden–i.e., employees, contractors and those granted network access–are automatically assumed to be trustworthy, and not verified. Instead, a data-centric approach utilises a zero-trust model, where no-one is assumed to be trustworthy and every access attempt to sensitive data is verified. Typically, the identity of the accessor, the device they are using, their location and the data they are seeking access to are all checked against pre-authorisations. There are plenty of technology solutions available to implement a zero-trust policy. The hard part for any large organisation that […]

First AML-BionVehdin-MilanCooper-ChrisCaigou

First AML raises $30 Million in Series B funding

  New Zealand-based RegTech to enter Europe in global launch Growth fueled by strong customer demand and growing scrutiny in the wake of the Pandora Papers First AML provides an end-to-end due diligence platform that allows B2B companies to onboard and monitor clients more efficiently Over 350,000 entities have been verified in the company’s database Customer Due Diligence (CDD) and Anti-money laundering (AML) tech company First AML has raised NZ $30 million in a Series B funding round led by Blackbird Ventures and international investor Headline, together with renewed commitments from existing investors Bedrock Capital, Icehouse Ventures and Pushpay founder Eliot Crowther. Fraud and money laundering, already a critical challenge to all digital transactions, have been on the rise due to the global instability brought on by the COVID-19 pandemic. Investigations such as the Pandora Papers have also reignited concerns on AML compliance and the transparency of international financial transactions. Emerging legislation and regulation is also requiring a greater number of businesses and financial intermediaries to perform CDD and AML checks throughout the lifetime of all their customer relationships. First AML is solving this problem through its regulatory technology (RegTech) solution that allows B2B clients such as financial service providers, law firms, real estate agencies, and accountants, to streamline their anti-money laundering compliance processes and minimise risk. In the picture: Bion Vehdin, Milan Cooper, Chris Caigou. The company’s end-to-end due diligence platform automates the identity verification of customers, with complete visibility and management oversight. It also includes improved biometric identification for remote verification and visual tools to help users understand the ownership of complex company structures. Leveraging global trends and network effects Launched in 2017 in New Zealand, First AML has since expanded to Australia in 2021. Raised on the back of strong international customer demand, today’s Series B round […]

Cyber security concept. Encryption.

Why manufacturing needs a new approach to cybersecurity

  – by Robert Nobilo, Regional Director ANZ at Virsec Cyber-attacks continue to be an increasing concern for every industry. But recently they’re becoming a bigger issue for the manufacturing industry than most others. Cyber criminals frequently target manufacturing operations for their ransomware attacks. According to PwC’s Cyber Threats 2020: A Year in Retrospect report, the manufacturing sector and retail sectors shared the dubious honour of being the industries most targeted by ransomware: each accounted for 17 per cent of the total, well ahead of the second sector, technology, media and telecommunications with 10 per cent. The PwC report detailed one ransomware attack on a multinational manufacturer based in New Zealand; “The attack saw the vast majority of its systems encrypted and rendered inoperable, breaking its supply chain, halting global manufacturing and distribution, and putting its banking covenants at risk.” Another manufacturer hit by a cyber attack was local brewer Lion Australia, which also produces dairy products. In June 2020, it was hit by two ransomware attacks within 10 days, forcing it to halt beer production. The attackers were reported to be demanding a payment in excess of $AUD 1 million. Earlier this year, JBS USA Holdings, the world’s largest meat company, was hit by a ransomware attack and, as a result, paid a $11 million ransom. JBS Australia, Australia’s largest meat and food processing company, was disrupted by this attack and forced to close 47 meat processing plants in Australia. With these and other successful attacks, manufacturing will continue to be a high value target of ransomware gangs. The costly impact of ransomware on manufacturing The manufacturing sector is particularly sensitive to the impacts of ransomware and other cyber-attacks on two counts. Firstly, any disruption of day-to-day operations would likely leave a manufacturer unable to meet production demands, resulting […]