NEWS

Recent News at CCL

Good questions, better answers

By | General News

News and developments from Spark-sponsored Lightning Lab GovTech

Lightening Lab GovTech is a Spark-sponsored accelerator programme for public sector agencies to build, test, and validate new approaches and technologies for government. Ten teams are working side-by-side in the Lightning Lab facility over three months, before lifting the lid on their handiwork at a demo day showcase event on 5 November.

Stuart Van Rij coached teams participating in this year’s edition of Lightning Lab GovTech – Van Rij, a coach with the Camp Negotiation Institute, says the science of a good question involves knowing your mission and purpose – you’ve got to know why you’re asking the question and what you aim to find.

Ten teams have been working side-by-side in the Lightning Lab facility and will lift the lid on their handiwork at a demo day showcase event on 5 November.

Maggie Ford, a member of the Department of Conservation’s team exploring improvements to waste management practices at DOC sites, put the theory to test in a problem discovery sprint – a process designed to pinpoint the nature of problems and how they map to opportunities.

Learn more >>

Mental Health Awareness Week

By | General News

This week is Mental Health Awareness Week and CCL Together with Revera is focusing on the Five Ways to Wellbeing – Connect, Keep Learning, Take Notice, Be Active and Give. There is a lot happening this week, starting off with a wee treat on everyone’s desk encouraging team members to take a break and focus on the Five Ways to Wellbeing.

Explore your way to wellbeing – Whāia te ara hauora, Whitiora.

Meet the CCL, Reseller News Innovation Awards 2019 Finalists

By | General News

CCL has been shortlisted for three awards at this year’s Reseller News Innovation Awards:

Josh Penfold – finalist for Management Excellence

Karl Moore – finalist for Sales Excellence

And, CCL is a finalist for the Mid-market Partner of the Year award (CCL has won this award in 2018 and 2017).

The awards ceremony will be held on 23rd October. Good luck team.

CCL appoints Suzanne Miller – Director, Central Region

By | General News

Suzanne Miller has been appointed Director, Central Region, spearheading the newly-merged CCL’s business across the greater  Wellington and lower-North Island regions.

Completing CCL’s top-table line-up, announced in May this year, Miller joins CCL from Spark, where she held the position of Customer Unit Lead.

A former general manager of Datacom’s government cloud services, Miller’s track-record in the IT industry includes roles for a slew of top-tier organisations, including HPE and, client-side, IRD, Capital Coast District Heath Board, and Westpac Bank.

CCL CEO Andrew Allan said he was delighted with Miller’s appointment. “Suzanne has a formidable CV, with technical and leadership skills tested and proven in some of the country’s most dynamic organisations,” he said. “Her experience in cloud services, transformational change, and central government make her ideally placed to lead CCL in the central region.”

With 700-plus employees and 11 offices nationwide, CCL is the country’s largest New Zealand-focused IT services company, providing end-to-end IT management and multi-platform expertise to some of New Zealand’s most important organisations.

Since announcing the merger late February, the company has maintained a head of steam, winning significant transformation project work for New Zealand’s primary workplace health and safety regulator WorkSafe, and Children’s charity Barnados, as well was adding muscle in the public cloud arena with new accreditations from Microsoft and Amazon Web Services (AWS).

Workers still falling victim to old cyber tricks

By | General News

Fraudsters prey on busy execs’ impulsive email behaviour  

Few people these days fall for unsolicited emails from Nigerian princes offering juicy commission to transfer funds from a multimillion-dollar inheritance. But still plenty of Kiwis are being sucked in by a rising number of email phishing scams – and you can blame their impulsive email behaviour.

CCL’s security awareness service, which each week sends phishing look-a-like emails to thousands of employees working in organisations across the country, is registering a phishing success rate of 20-to-30 per cent among participating employees presented with their first duplicitous email.

CCL’s Head of Security, Tim Sewell, said analysis showed that while people in all job roles fell victim to phishing attacks, certain personality types, especially Type-A personalities, often found working in sales and leadership roles, appear more inclined to click duplicitous links and attachments.

However, personality type wasn’t the only factor to determine susceptibility, he said. “Personal workloads, stress, timing and context also influence the success rates of phishing attacks. For example, receiving a phishing email that looks like a courier company when you’re expecting to receive a parcel – bingo.”

Sewell said CCL’s training and education programme had reduced phishing success rates to around five per cent, with well-trained employees now regularly reporting phishing scams and being part of the solution.

In the meantime, real-life phishing incidents were likely to remain high as phishermen got more sophisticated, launching scams from previously compromised email accounts and impersonating trusted providers, such as Microsoft Office 365, Amazon, Google, even the IRD and NZ Post, he said.

“More people are working in the cloud and using browser-based logins to access services. As this behaviour becomes routine, people tend to let their guard down, providing an easy in for fraudsters to steal user login credentials,” said Sewell.

A report published by cloud security firm Avanan shows one in every 99 emails is a phishing attack, using malicious links and attachments as the main vector.

Closer to home, CERT NZ figures show the number of malware reports from Kiwi organisations more than doubled to 43 in the three months ended 31 December.

Phishing campaigns containing malware and targeting business customers of some New Zealand banks contributed to the increase. And in three incidents reported to the NCSC this year, New Zealand organisations lost nearly NZD$800,000 to ‘successful’ fraudulent invoice emails.

Sewell said multi-factor authentication (also known as MFA) helped reduce credential theft – one of the main prizes from phishing attacks – by requiring users to authenticate themselves to a website by another method, in addition to the standard username and password login procedure.

However, he said the additional cost of MFA and the inconvenience to users who are quick to moan about laboured access discouraged adoption, increasing the “attack surface” for criminals.

“And that’s a big problem, because once the bad guys have captured a user’s credentials their behaviour goes largely unnoticed – because there isn’t anything to trigger a security alert,” said Sewell. “That gives the crims time to watch and learn, email customers with revised payment details, send out mocked-up invoices, gain the trust of contacts linked to the compromised email account, and reply to existing emails.”  

He said regular, friendly phishing exercises, multi-factor authentication, and anti-phishing technology were essential steps in the current cybersecurity landscape, though tweaking existing policies in some cases was the fastest way to bolster defences, he said.

“For example, financial policies should ensure requests to change payment details are authorised and properly validated, without relying on email. Don’t accept emails as authorisation of payment method. And if someone keeps taking the phishing bait, maybe they’re in the wrong job,” said Sewell.