Close

Ramping up New Zealand's response to cyber emergencies

In 2016, cyber threats cost New Zealand $257 million. According to information from NCPO (National Cyber Policy Office), seven out of 10 New Zealanders have experienced a cyber security issue. 

No one is immune. A large online retailer’s system was compromised, forcing the company to temporarily shut down its online shop over the busy Christmas period.

The company suffered a six-figure loss of earnings each day.

Elderly residents are regularly targeted online and on phone by scammers attempting to access bank account details and passwords.

The threat of cyber attacks is real and the impact goes beyond the bottom line.

Affected businesses say cyber attacks have impacted their brand and customer confidence. Many are left in doubt as to how much customer information has been accessed.

Recognising this, the Ministry of Business, Innovation and Employment (MBIE) were tasked with setting up a new national body – CERT NZ, a Computer Emergency Response Team, and they appointed DNA to the project to define and establish their brand and digital experience.

“CERT NZ provides businesses, individuals and large organisations, including government agencies with knowledge and support regarding cyber safety,” says Katherine Allan, our engagement director on the campaign.

The ultimate goal of CERT NZ is to help New Zealanders understand, avoid and reduce the impact of cyber security threats.

Establishing a national CERT connects New Zealand with an international network of 100+ CERTs.  It provides all New Zealanders with access to information on potential or real-time cyber attacks.

MBIE approached DNA in September 2016 with the goal of having the unit set up by March 2017. Timings were tight. 

“MBIE saw that getting CERT NZ out there quickly was paramount,” Allan says.

“We needed to ensure we built a robust, secure digital solution that was going to be simple, effective and ready for day one.

The objective for the day one release was to have and accessible, usable reporting function balanced without too much user overhead so as to be a disincentive for the public to actually report incidents. 

The system required the ability to log an incident, and apply a rating for prioritisation, plus core contact details as a baseline for data capture report by report. 

CERT’s scope is broad, with reporting prioritised for Cyber attack, virus, vulnerability, ID theft and online fraud – and through to cyber bullying, spam, objectionable material or online child abuse.

“We jumped in the deep end alongside their implementation team, collaborating closely to define requirements, the user experience and core functionality for day one and beyond.”

We targeted two key user groups: businesses and individuals, as well as IT specialists.

Because of the tight timeline, it wasn’t possible to do in-depth user research upfront. However, MBIE had done some initial user engagement so we had a viable starting point. 

“We used natural language forms, and completed a significant amount of user testing and engagement along the way to ensure what we were doing was appropriate, as well as refining the language to appeal to audiences,” Allan says.

The project used DNA’s full suite of expertise.  For the initial launch of CERT NZ on April 11 2017, we delivered a brand experience that portrays a safe and secure environment, with an authoritative yet approachable feel.

The CERT NZ digital experience is designed to appeal to all New Zealanders, from IT specialists to individuals at home.

Two separate reporting tools were developed to enable users to report incidents.  The tool for consumers and businesses utilises accessible language and ensures a user doesn’t need an understanding of IT terms to report an incident.

The tool for IT specialists captures more complex and technical information.

Inevitably for a government client, a number of key stakeholders were involved, including the project advisory board, partners and the Minister for Communications.

“The nature of the project was similar to a start up, so we set the approach up to allow us to run fast and in close collaboration with MBIE throughout,” Allan says.

“Everyone had the same focus and was on the same page as to what we needed to achieve. It enabled us to make good calls, eliminate unnecessary noise and ultimately get a great outcome.”

Having launched a day one product, DNA continues to work alongside MBIE to create and execute on an ongoing road map of enhancements.

After only being live for a couple of weeks, the response has been really positive and users have been able to successfully report numerous incidents to CERT NZ.