Insights - Nextro

Fortinet Cybersecurity Threat Predictions for 2026: Key Lessons for New Zealand Businesses

Nextro Marketing — Mon, 01 Dec 2025 00:14:05 +0000

Fortinet Cybersecurity Threat Predictions for 2026: Key Lessons for New Zealand Businesses

Industrialized Cybercrime and the Acceleration of the Attack Life Cycle

Fortinet’s Threat Predictions for 2026 outline a rapidly shifting cyber landscape shaped by AI, cloud adoption, identity‑driven attacks, and the growing overlap between IT and OT environments. For New Zealand businesses , critical infrastructure operators, transport networks, and multi‑site enterprises, these trends highlight where security teams must focus over the next 12 months.

Attackers are gaining speed and scale through automation, while defenders face rising complexity across distributed networks. For organisations responsible for public services, essential assets, and high‑availability operations, these trends offer clear guidance on where to strengthen controls.

AI‑Enhanced Attacks Increase in Scale

Fortinet predicts attackers will increasingly use AI for reconnaissance, vulnerability discovery, and adaptive malware. This compresses attack timelines and reduces the early‑warning window for defenders, particularly in environments with legacy systems or geographically distributed assets.

Hybrid Work Expands the Attack Surface

Remote and hybrid work continue to expose organisations to attacks targeting home networks, personal devices, and cloud identity platforms. Fortinet highlights the rise of identity‑driven attacks such as MFA fatigue and session hijacking, an ongoing challenge for New Zealand’s mobile and multi‑site workforce.

Ransomware Evolves into Multi‑Vector Campaigns

Modern ransomware groups now combine encryption, data theft, service outages, and supply chain compromise. For New Zealand critical infrastructure, retail, logistics, and transport sectors, where continuity and reputation are critical, the impact of these multi‑vector attacks can be severe.

OT and IT Convergence Introduces New Risks

As operational technology becomes more connected, attackers can move laterally between IT and OT networks. Fortinet highlights this as a growing threat for water, energy, transport, and airport environments, sectors essential to New Zealand’s daily operations.

Cloud Misconfiguration Remains a Major Weakness

Despite maturing cloud security tools, misconfiguration remains one of the most common breach causes. Challenges include API exposure, excessive permissions, and inconsistent governance across hybrid and multi‑cloud platforms.

AI‑Powered Defence Matures

Defenders are also benefiting from AI. Fortinet expects broader adoption of behaviour‑based detection, automated investigations, and AI‑driven containment workflows. For lean New Zealand security teams, this helps scale capability without increasing headcount.

What New Zealand Businesses Should Do Next

Based on Fortinet’s 2026 outlook and Nextro’s own analysis, organisations should focus on:
• Strengthening identity security with phishing-resistant MFA.
• Deploying unified security across cloud, network, and endpoint.
• Increasing visibility across IT and OT environments.
• Adopting AI‑assisted SOC workflows to manage alert volume.
• Reducing attack surface through segmentation and zero trust.
• Hardening remote work and mobile workforce security.

Cybersecurity in 2026 will be defined by speed, automation, and the ability to operate securely across distributed networks. With an evolving threat landscape and attackers leveraging AI at scale, New Zealand organisations need modern, integrated cybersecurity platforms that deliver both resilience and operational efficiency.

Nextro supports customers across New Zealand and Australia to build secure, scalable, and integrated cybersecurity environments using leading Fortinet technologies and proven architectural frameworks. To understand how these technologies may secure your business, contact Nextro today.

Read THE FULL REPORT HERE

The post Fortinet Cybersecurity Threat Predictions for 2026: Key Lessons for New Zealand Businesses appeared first on Nextro.

Genetec Physical Security Trends for 2026: Flexibility, Automation, and Unified Security for New Zealand

Nextro Marketing — Sun, 30 Nov 2025 23:22:13 +0000

Genetec Physical Security Trends for 2026: Flexibility, Automation, and Unified Security for New Zealand

Genetec’s outlook for 2026 highlights key shifts in how organisations will deploy and operate physical security systems. These trends carry strong relevance for New Zealand’s airports, councils, critical infrastructure, transport hubs, and multi‑site enterprises seeking to modernise their environments.

The convergence of physical, cyber, and operational technologies means organisations are rethinking how they design, manage, and scale their security systems. Genetec’s predictions, with which Nextro concurs based on our own analysis, point to increased flexibility, intelligent automation, and unified operations as the defining themes for the year ahead.

Hybrid Cloud Becomes the Preferred Model

Discussion around cloud strategy is moving from adoption to flexibility. Organisations will select deployment models—cloud, on‑premises, or hybrid—based on performance, cost, and data residency requirements. Hybrid cloud architectures are expected to dominate in NZ due to connectivity and compliance considerations.

Intelligent Automation Goes Mainstream

Genetec forecasts a shift from hype‑driven AI to practical automation that reduces false alarms, improves monitoring accuracy, and accelerates investigations. For New Zealand businesses with lean teams and high‑volume environments, intelligent automation provides measurable operational impact.

Responsible and Transparent AI Becomes Mandatory

With AI becoming more common in security workflows, organisations are demanding transparency around data use, privacy, and cybersecurity safeguards. This expectation is especially important for councils and operators accountable to public governance.

Access Control Modernisation Accelerates

Traditional access control is evolving into identity‑centric security. Growth in ACaaS, mobile credentials, and biometrics supports occupancy insights, energy optimisation, and multi‑site management—benefits well‑suited to NZ’s distributed enterprise environments.

Unified Systems Enhance Security and Operations

Genetec expects rapid growth in IoT devices and connected building systems. Unified platforms that combine video, access, IoT, and building management allow faster decision‑making and improved incident response across facilities.

Cybersecurity Becomes Embedded in Every Device

Physical security is now inseparable from cybersecurity. Organisations expect secure interoperability, strong encryption, and robust data residency. As NZ facilities become more connected, secure‑by‑design architectures are essential.

What New Zealand Businesses Should Do Next

Based on Genetec’s 2026 predictions, organisations should:
• Develop hybrid cloud strategies aligned to performance and sovereignty
• Use intelligent automation to improve monitoring and reduce workload
• Apply transparent, responsible AI governance
• Modernise access control with mobile and identity‑centric systems
• Unify video, access, IoT, and building systems under a single platform
• Embed cybersecurity into every layer of physical security design

If your organisation is planning physical security modernisation in 2026, the Nextro team is available to help align technology, operations, and governance into a future‑ready, unified approach. Contact Nextro today.

Read THE FULL REPORT HERE

The post Genetec Physical Security Trends for 2026: Flexibility, Automation, and Unified Security for New Zealand appeared first on Nextro.

Strengthening Physical Security: What NZ Boards Need to Know About the PSR Framework

Nextro Marketing — Fri, 21 Nov 2025 00:05:22 +0000

Strengthening Physical Security: What NZ Boards Need to Know About the PSR Framework

21 November 2025 | Nextro Insight

Physical security is now a core component of organisational resilience, protecting people, information, facilities and critical assets. The New Zealand Protective Security Requirements (PSR) provide a comprehensive framework that government agencies must follow, and that private-sector organisations increasingly adopt as a proven best-practice model.

For boards, the PSR’s physical security policy is especially valuable because it sets out a clear lifecycle of responsibilities under PHYSEC 1–4. This lifecycle helps New Zealand organisations understand what they must protect, how controls should be designed, how they should be validated, and how they must be maintained over time.

Nextro regularly supports boards and executive teams to interpret and implement these requirements, particularly in environments where physical, cyber and operational security intersect.

Why Physical Security Matters to Boards

Physical security intersects with health and safety, information security, business continuity and asset protection. It is not a facilities issue; it is an organisational risk domain that requires senior oversight.

The PSR outlines clear expectations and provides a structured way to manage physical security risks.

Nextro sees consistent improvements in resilience when boards treat physical security as a strategic responsibility with dedicated reporting, budgets and clear ownership.

PHYSEC 1 – Understand What You Need to Protect

The first requirement demands a complete understanding of the people, information, assets and services your organisation relies on. This includes:

Identifying where assets are located
Assessing asset value, sensitivity and usage
Understanding threat likelihood and impact
Integrating health and safety obligations
Embedding security considerations into site selection

Directors must ensure the organisation maintains a current asset inventory and conducts regular physical risk assessments. Nextro frequently observes gaps where site selection or leasing decisions have been made without appropriate physical security input.

PHYSEC 2 – Design Your Physical Security

PHYSEC 2 requires organisations to build physical security into the early stages of planning, design and facility decision-making. This includes:

Establishing security zones (public, controlled, restricted etc.)
Implementing layered physical controls
Developing site security plans
Aligning controls with business impact levels
Using approved or certified physical security products

Security must be intentionally designed, not retrofitted. Retrofitting increases cost, complexity and operational disruption. Nextro strongly recommends that boards require physical security design sign-off for all major initiatives.

PHYSEC 3 – Validate Your Security Measures

Controls must not only exist—they must work. PHYSEC 3 requires organisations to:

Validate correct installation of physical security controls
Identify vulnerabilities and weaknesses
Complete accreditation of security zones
Escalate and formally accept residual risks at senior levels

Boards should expect structured assurance reporting rather than simple statements of compliance. Independent validation, inspection findings, accreditation status and remediation actions should be part of regular board or committee updates. Nextro often finds that organisations assume controls are working without having tested them independently. This is a key governance risk.

PHYSEC 4 – Keep Your Security Up to Date

Threats evolve, assets change and technology ages. PHYSEC 4 requires:

Continuous vulnerability monitoring
Regular maintenance and lifecycle replacement
Updated site security plans
Incident response readiness
Retirement of outdated or ineffective controls

Effective physical security requires ongoing investment, not a one-time upgrade. Boards should ensure budgets cover maintenance, operational support, supplier oversight and periodic review cycles. Nextro’s assessments show this is the most common area where organisations fall behind.

What New Zealand Boards Should Do Next

Based on the PSR framework and Nextro’s experience advising organisations across New Zealand:

1. Request a physical security roadmap: It should align to PHYSEC 1–4, include a gap analysis and be supported by an implementation plan.

2. Confirm clear executive accountability: One senior leader must own the physical security lifecycle and provide regular reporting.

3. Ensure physical security is embedded into all major organisational changes: Projects relating to property, construction, technology, operations and procurement should reference PHYSEC requirements.

4. Strengthen assurance and validation: Boards should require evidence of testing, inspections, accreditation and closure of identified risks.

5. Require periodic review and maintenance: Maintenance plans, lifecycle schedules and threat reviews must be standard practice.

6. Improve board reporting: Useful metrics include:

Number of facility risk assessments
Zone accreditation status
Open vulnerabilities
Supplier compliance
Incident trends
Maintenance, lifecycle progress and budget adherence

Nextro can help develop these metrics and connect physical security oversight with broader risk and resilience reporting.

Risks of Inaction

If physical security is not governed effectively, organisations face:

Harm to staff or the public
Compromise of sensitive information or assets
Service disruption and operational downtime
Legal, regulatory and financial consequences
Reputational impact

Many incidents stem from basic physical security weaknesses, making this a critical governance priority.

Final Thought for Boards

The PSR’s physical security requirements provide a clear, structured and practical framework that boards can rely on. By aligning governance to PHYSEC 1–4, organisations significantly strengthen their ability to protect people, information and assets.

Nextro partners with boards and executive teams to assess current maturity, develop roadmaps, implement PSR-aligned controls and lift ongoing assurance.

Please contact Nextro today to discuss how we can help you implement PHYSEC 1-4 for your business.

The post Strengthening Physical Security: What NZ Boards Need to Know About the PSR Framework appeared first on Nextro.

Building Geopolitical Resilience in Times of Uncertainty

Nextro Marketing — Mon, 10 Nov 2025 23:02:56 +0000

Building Geopolitical Resilience in Times of Uncertainty

11 November 2025 | Nextro Analysis

The world is entering a period of sustained uncertainty. From shifting alliances and regional tensions to supply-chain constraints and cyber warfare, the boundaries between geopolitics and business risk have blurred. As ASIS International highlights in its latest article, Geopolitical Resilience in Times of Uncertainty, resilience now depends on how well organisations anticipate and adapt to these forces.

For New Zealand businesses and Nextro clients, especially those managing critical infrastructure, strategic manufacturing, or strategic logistics, this shift is more than academic. It affects how we design cyber, physical, and electronic security systems, plan for business continuity, and protect our New Zealand’s capabilities.

Understanding Geopolitical Resilience

Geopolitical resilience is described as the outermost layer of resilience. It moves beyond conventional risk management by looking at the underlying political, economic, social, and technological conditions that shape disruption.

Rather than reacting to crises, resilient organisations build the capacity to forecast, absorb, adapt, and recover. They treat resilience as a system-wide discipline that unites business strategy, operations, and security under a shared understanding of risk.

At its core, this approach encourages convergence. That is, the breaking down of silos between physical security, IT, and cybersecurity so that organisations can see the full picture of risk and opportunity.

The New Vectors of Risk

The article identifies four major forces reshaping organisational risk today (all of which are relevant to New Zealand businesses):

Economic and regulatory exposure
Trade restrictions, tariffs, and regulatory shifts can quickly alter how and where organisations operate. Protectionism, energy security, and data sovereignty now carry real business implications.

Supply chain vulnerability
Global supply networks are increasingly politicised. A single choke-point (such as a disrupted maritime route or a restricted technology export) can cascade across multiple industries. Building supply-chain resilience means diversifying sources, auditing dependencies, and modelling geopolitical scenarios.

Cyber and information threats
Cybersecurity cannot be viewed in isolation. Geopolitical tensions often shape the motives, funding, and tools of threat actors. State-sponsored campaigns and disinformation efforts highlight the need for security strategies that combine digital, operational, and human intelligence. New Zealand businesses and critical infrastructure are not immune.
Socioeconomic pressure and public perception
Inflation, social unrest, and disinformation all feed into risk landscapes. Understanding how these forces interact helps organisations prepare for reputational and operational impacts alike.

Breaking Silos and Seeing Opportunity

Building geopolitical resilience is not just about risk mitigation—it’s about readiness and agility. The article calls for an integrated mindset: connecting business leadership, operational security, and technology teams so that decisions are informed by a shared awareness of the wider environment.

This shift transforms security from a reactive function into a proactive enabler of strategy. It helps identify opportunities, such as diversifying markets, relocating supply chains, or investing in technologies that strengthen autonomy and reliability.

At Nextro, we see this alignment every day in our work with organisations that manage critical infrastructure, complex IT networks, and converged security environments. Resilience means more than protecting assets. It is about ensuring continuity of service and trust when global systems are under stress.

What This Means for New Zealand

For local businesses and agencies, geopolitical resilience demands new thinking. It’s about embedding foresight into planning, using data to monitor emerging risks, and ensuring that physical and digital systems are designed to adapt.

Key questions to ask:

Are your supply chains prepared for political or regulatory disruption?
Does your cybersecurity posture account for state-sponsored threats?
Does your physical security posture account for multi-dimensional attack vectors?
Do your business, IT, and security teams share a unified risk language?
Have you considered how global tensions could create opportunities to strengthen your position?

Nextro’s Perspective

At Nextro, we help bridge business strategy and security strategy. Our approach integrates physical security, IT networking, and cybersecurity into a unified resilience framework, helping clients adapt to a world where uncertainty is the new constant.

Resilience isn’t about standing still in the storm. It’s about knowing which way the wind is blowing, and designing systems that can adjust, absorb, and continue to perform.

Read the full article: ASIS International – Geopolitical Resilience in Times of Uncertainty

Please contact Nextro today to discuss how we can help your business.

The post Building Geopolitical Resilience in Times of Uncertainty appeared first on Nextro.

Unifying Hybrid Workforce Security with SASE

Nextro Marketing — Wed, 29 Oct 2025 04:43:47 +0000

Unifying Hybrid Workforce Security with SASE

A smarter, simpler way to protect users, devices, and data anywhere

Hybrid work has redrawn the security map

The modern workplace isn’t confined to an office. Employees log in from homes, airports, and client sites, often using personal devices and multiple cloud services. That flexibility brings productivity, but it also multiplies risk. Every new connection point expands the attack surface, making visibility and control harder for IT teams. Legacy tools like VPNs and point-to-point firewalls can’t keep up with this fluid, distributed model. The result is a mix of inconsistent security, rising threats, and growing complexity.

SASE brings clarity to the chaos

Secure Access Service Edge (SASE) changes how organisations approach cybersecurity. It merges networking and security into one cloud-native framework that protects every user and every connection, wherever they are.

Instead of stitching together separate tools, SASE unifies them. It combines secure SD-WAN, zero-trust network access (ZTNA), next-generation firewall (NGFW), secure web gateway (SWG), and cloud access security broker (CASB) capabilities into a single platform.

This integration means consistent policies, stronger protection, and simpler management, whether the user is at a desk in Auckland or working remotely in another time zone.

Why it matters now

The numbers speak clearly. Around 73% of executives see remote workers as a higher security risk, and the average breach cost for small organisations sits above $3 million. Attacks such as phishing, ransomware, and credential theft thrive in fragmented environments where visibility is limited.

SASE tackles this by enforcing zero-trust principles across the network. Every user and device is authenticated, authorised, and continuously verified. Integrated AI-driven threat intelligence detects and neutralises threats in real time, before they disrupt the business.

Built for scale, speed, and simplicity

SASE platforms are built to evolve with your organisation. They scale easily to cover new branches, contractors, or cloud applications without re-architecting networks. By combining secure SD-WAN with security service edge (SSE) capabilities, SASE keeps application performance high and latency low — ensuring a fast, seamless user experience no matter where work happens.

The Nextro perspective

At Nextro, we see SASE as more than another layer of defence. It’s a foundation for confident, resilient operations in a hybrid world. It helps New Zealand organisations simplify their security architecture, protect their people wherever they connect, and stay agile as their networks grow.

SASE isn’t about more tools, it’s about one smart, unified platform that delivers security and performance in equal measure.

Key takeaway

Hybrid work is here to stay. Security must adapt accordingly. SASE gives businesses the unified visibility, flexibility, and control they need to thrive securely in this new environment.

Contact Nextro today to discover how your organisation can strengthen the cybersecurity posture of its hybrid workforce.

The post Unifying Hybrid Workforce Security with SASE appeared first on Nextro.

Best Practices for Counter-Drone Deployment at Civilian Airports

Leon Harold — Tue, 28 Oct 2025 19:59:38 +0000

Best Practices for Counter-Drone Deployment at Civilian Airports

Unmanned aerial systems (UAS) are rewriting the rules of airspace management. What began as hobbyist innovation has become a tangible operational risk, especially for civilian airports, where even a single rogue drone can halt flights, disrupt schedules, and erode public confidence.

A new white paper from DroneShield, Best Practices for Counter-Drone Deployment at Civilian Airports, sets out a practical framework for how airports can get ahead of this emerging threat.

Why airports can’t ignore the drone problem

Airports move billions of passengers and tonnes of cargo each year. They are increasingly exposed to small, inexpensive drones operated by both careless hobbyists and bad actors.
Most incursions are accidental, but some are deliberate, with drones used for smuggling, surveillance, and targeted disruption. The line between nuisance and national security is thinner than ever.
For aviation authorities and airport operators, counter-drone capability is now part of the critical infrastructure playbook.

A layered approach to detection and response

DroneShield advocates a layered model combining multiple sensor technologies to detect, identify, and respond before threats affect operations.

Detection

RF sensors provide the first layer, passively scanning for control or telemetry signals.
Radar covers larger areas and can identify autonomous drones that don’t rely on RF links.
Optical and thermal sensors add visual confirmation, especially when supported by AI classification.

Response

In civil aviation, physical interception is rarely appropriate. Instead, airports rely on non-kinetic options such as:

RF disruption, which interrupts control links to force a safe landing or return-to-home.
Cyber takeover, which redirects or disables a drone through secure command override.

At the centre of this layered system is an integrated operations platform that fuses data from sensors, logs, and video feeds, enabling coordinated, legally compliant action.

Building operational resilience

Technology alone is not enough. The white paper highlights the importance of structured operations and collaboration across agencies:

Risk-based assessments to map terrain, likely launch zones, and communication vulnerabilities.
360-degree coverage extending beyond runways and approach paths.
Clear escalation and communication procedures across all airport departments and law-enforcement partners.
Regular training and simulation exercises to ensure readiness for real-world incursions.

The roadmap to implementation

DroneShield outlines a step-by-step pathway for airports adopting counter-UAS systems:

Conduct a comprehensive site and spectrum assessment.
Design a layered sensor network suited to the environment.
Integrate counter-drone technologies into existing security and emergency systems.
Carry out regular simulations and operator training.
Maintain and evolve systems to keep pace with new drone technologies and tactics.

This structured approach ensures compliance, operational resilience, and continuous improvement.

Why it matters for New Zealand crowded places and critical infrastructure.

While airports are a clear focal point for drone risk, the challenge extends far beyond aviation. DroneShield’s counter-UAS technologies are designed to protect a wide range of environments, from military bases and critical infrastructure to correctional facilities, public events, and stadia. Each of these locations faces unique operational and safety risks from unauthorised or malicious drone activity.

In the New Zealand context, these technologies have broad relevance: safeguarding national assets, maintaining public safety at major venues, and supporting resilience across essential services. As drones become more capable and accessible, the priority is not just detection but integration, ensuring that counter-drone systems work seamlessly with existing security operations, communications, and emergency frameworks.

For Nextro’s defence, infrastructure, and aviation partners, the message is clear: drone mitigation is not a single-use tool but a core component of modern situational awareness and risk governance.

Key takeaways

Drones represent an operational threat, not a novelty.
Layered detection and non-kinetic mitigation provide the safest, most effective defence.
Integration, coordination, and continuous improvement are critical.
Full-spectrum situational coverage beyond runways is essential for resilience.

Contact Nextro today to discover how your organisation can strengthen long-term security.

Download Whitepaper

The post Best Practices for Counter-Drone Deployment at Civilian Airports appeared first on Nextro.

Lessons for New Zealand from the Fortinet 2025 State of OT Cybersecurity Report

Nextro Marketing — Thu, 02 Oct 2025 01:06:44 +0000

Lessons for New Zealand from the Fortinet 2025 State of OT Cybersecurity Report

Global OT security trends and what they mean for New Zealand organisations in 2025

Fortinet has released its 2025 State of Operational Technology and Cybersecurity Report, a global study of 550 OT professionals across industries including energy, healthcare, manufacturing, and logistics. The findings show that OT security is maturing worldwide, with responsibility increasingly elevated to the C-suite, intrusions declining among more mature organisations, and best practices such as vendor consolidation, threat intelligence, and segmentation proving effective. For New Zealand organisations operating critical infrastructure, these trends provide valuable lessons. Nextro has analysed the report and drawn out insights specific to the New Zealand market.

OT security rises to the boardroom

One of the strongest messages from the report is that responsibility for OT cybersecurity is shifting into executive leadership. More than half of organisations now place OT security under the Chief Information Security Officer, compared to just 16 percent in 2022. This evolution signals that OT is no longer seen as a siloed technical issue but as a matter of corporate governance, risk, and reputation.

Maturity is the key to fewer intrusions

The study shows a strong link between security maturity and resilience. Organisations at the highest levels of maturity reported far fewer breaches, with 65 percent of Level 4 organisations experiencing no intrusions in 2025. In contrast, those at lower maturity levels faced more frequent attacks, particularly phishing and ransomware. For New Zealand, the lesson is clear: investing in structured, process-driven security yields measurable reductions in risk.

Consolidation as a path to resilience

Another major shift is the consolidation of technology vendors. Nearly eight in ten organisations worldwide now work with only one to four OT vendors, reducing complexity and simplifying operations. For New Zealand organisations, where teams are often small and resources tight, adopting a platform approach can bring similar benefits. Integration and simplification reduce overheads while enhancing visibility and security outcomes.

Preparing for regulatory change

Two-thirds of survey participants expect new OT compliance requirements within the next five years, and many believe these changes will arrive much sooner. While New Zealand has not yet introduced stringent OT regulations, the global move towards frameworks such as IEC 62443 suggests it is only a matter of time. Local organisations that align early with international standards will be better prepared for regulatory pressure and more resilient in the face of scrutiny.

Managing the legacy challenge

Most OT devices in use globally are more than six years old, with many incapable of being patched. This situation mirrors the reality in New Zealand, where industrial infrastructure often relies on ageing systems. To protect these environments, organisations must adopt compensating measures such as segmentation, OT-specific monitoring, and virtual patching. These approaches extend the life of critical assets without leaving security gaps.

Lessons for New Zealand leaders

The Fortinet 2025 report demonstrates that maturity, consolidation, and proactive governance are transforming OT security globally. For New Zealand businesses, the takeaways are clear: elevate OT security into board-level discussions, pursue continuous improvement to reach higher maturity, reduce complexity through platform integration, and prepare for both regulatory and legacy challenges.

Contact Nextro today to discover how your organisation can strengthen long-term security maturity, streamline through vendor consolidation, prepare for upcoming regulatory change, and manage the risks of legacy systems.

Read THE FULL REPORT HERE

The post Lessons for New Zealand from the Fortinet 2025 State of OT Cybersecurity Report appeared first on Nextro.

Learnings from the 2025 Data Security Report

Nextro Marketing — Tue, 30 Sep 2025 02:13:11 +0000

Learnings from the 2025 Data Security Report

Beyond Traditional Data Loss Prevention Solutions: Building Modern Data Security for New Zealand Organisations

In August 2025, Fortinet, in partnership with Cybersecurity Insiders, released the 2025 Data Security Report. Based on a global survey of 883 IT and cybersecurity professionals, the report explores the state of enterprise data protection, where traditional Data Loss Prevention (DLP) tools are falling short, and what capabilities are most critical for the future. New Zealand businesses are generating and sharing more sensitive data than ever before, from customer records and financial reports to intellectual property. Yet the Fortinet 2025 Data Security Report shows that legacy Data Loss Prevention (DLP) tools are increasingly failing to protect this information in today’s cloud-driven, AI-enabled environments. For New Zealand SMBs, enterprises, government agencies, and critical infrastructure operators, this presents both a challenge and an opportunity.

Persistent Risk in the Modern Workplace

The report found that 77% of organisations experienced insider-related data loss in the past 18 months, with most incidents caused by accidental errors rather than malicious actors. In New Zealand’s tight-knit business ecosystem, such breaches can damage trust quickly and have lasting reputational impact. What’s more, 72% of organisations admitted they lack visibility into how users interact with sensitive data across endpoints and cloud services. That’s a major blind spot as Kiwi businesses increasingly adopt SaaS tools, AI platforms, and remote working models.

The High Cost of Data Exposure

Globally, 45% of organisations reported financial or revenue loss from data exposure, with 41% estimating damages between $1 million and $10 million for their most significant incident. While the dollar figures may differ in New Zealand, the impacts are just as serious: operational disruption, regulatory scrutiny, and erosion of public trust.

For industries such as healthcare, financial services, and manufacturing, key pillars of New Zealand’s economy, the stakes are even higher when customer records, personal data, or proprietary designs are exposed.

Why Traditional DLP Falls Short

Traditional DLP tools focus on blocking data flows but fail to understand the context of user behaviour. Only 33% of organisations said they have immediate visibility into data usage, and just 27% could see which users were putting data at risk.

For New Zealand organisations, this means risk often goes undetected until it becomes a serious incident, whether that’s a staff member accidentally uploading sensitive files to a personal cloud, or AI tools being used without oversight.

What Security Leaders Want Next

According to the report, the top priorities for next-generation data protection include:
• Real-time behavioural analytics (66%)
• Day-one visibility into data flows (61%)
• Control over shadow AI and SaaS tools (52%)

These priorities align closely with the needs of New Zealand businesses, where rapid cloud adoption and increasing use of AI are reshaping how data is created, stored, and shared.

Nextro’s insights for New Zealand

The report highlights a clear shift: effective data protection must evolve from static enforcement to context-driven insight. For New Zealand organisations, the priority is not creating more alerts but gaining clarity around who is moving sensitive data, why it is happening, and whether the activity poses real risk.

By aligning Fortinet’s next-generation DLP and insider risk management capabilities with local requirements, Nextro identifies a pathway for New Zealand businesses to strengthen visibility, reduce the likelihood of accidental exposure, and build resilience against insider-driven incidents.

Contact Nextro today for a data security assessment and for building a modern data protection strategy that keeps your business secure in an AI-driven, hybrid world.

Read THE FULL REPORT HERE

The post Learnings from the 2025 Data Security Report appeared first on Nextro.

Why New Zealand IT Managers Must Embrace Operational Technology Security Platforms

Nextro Marketing — Wed, 23 Jul 2025 02:41:05 +0000

Why New Zealand IT Managers Must Embrace Operational Technology Security Platforms

As New Zealand’s critical infrastructure and industrial assets become increasingly digitised, cybersecurity risks tied to operational technology (OT) environments continue to rise.

Operational Technology (OT) environments in New Zealand face unprecedented cybersecurity risks as digital transformation accelerates. While IT leaders have traditionally prioritised information technology (IT) systems, the convergence of IT and OT now demands equal focus on securing critical industrial systems. Recent research conducted by Fortinet shows that 96% of organisations expect challenges as they move towards IT-OT convergence, yet the benefits in operational efficiency, cost savings, and innovation are too significant to ignore. This Nextro insight explores why embracing an OT security platform is essential for aligning with strategic goals like vendor consolidation and IT/OT convergence.

The Growing OT Threat Landscape

The rapid integration of IT and OT systems has expanded the potential attack surface. Threats once limited to IT now have pathways into OT, impacting industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks. Cybercriminals are increasingly targeting cyber-physical systems (CPS) in OT and critical infrastructure sectors, resulting in productivity losses, revenue hits, damage to brand reputation, compromise of business-critical data, and even risks to physical safety. In the past year, 9 out of 10 OT organisations globally experienced at least one intrusion, with malware and phishing being the most common attack vectors.

Why New Zealand IT Managers Need an OT Security Platform

The ongoing skills shortage across cybersecurity and network roles is magnified in OT, where specialised knowledge is critical. Historically underfunded and overlooked, OT teams are now overwhelmed. Increased cyberattacks have accelerated the demand for better cybersecurity protection for OT networks and their underlying systems.

The complexity of securing OT environments, combined with a shortage of skilled personnel, makes platform-based security essential. An OT security platform enables IT and OT convergence, vendor consolidation, and centralised management, simplifying operations while reducing the total cost of ownership. It also provides the flexibility to address evolving threats, ensures operational continuity, and supports strategic goals such as zero-trust security adoption.

For example, the Fortinet OT Security Platform integrates secure networking, security service edge (SSE), OT-specific security operations (OT SecOps), threat intelligence, and a broad ecosystem of technology partners. This unified approach eliminates the need for multiple disjointed products, reducing vendor sprawl and enhancing security posture across both IT and OT networks.

Key Considerations for Secure Digital Transformation

Organisations embarking on industrial digital transformation should assess potential security partners against several criteria:

– Full edge-to-cloud security coverage, from ruggedised firewalls and secure switches in industrial zones to cloud security capabilities.
– SD-WAN integration to improve ROI while enhancing security.
– Support for OT-specific protocols and asset discovery tools.
– Federated management and air-gapped licensing for secure deployments.
– An extensive partner ecosystem that integrates with existing vendor solutions.
– Converged IT/OT security operations for streamlined management and rapid incident response.

Capabilities of a Modern OT Security Platform

A comprehensive OT security platform should provide:
– Network segmentation and microsegmentation to isolate critical assets.
– Virtual patching to protect unpatched systems, with thousands of vulnerability signatures covering major ICS vendors.
– Asset discovery, compliance reporting (e.g., IEC 62443, NERC CIP), and risk analysis.
– Integrated threat detection, incident response automation, and deception technologies such as honeypots.
– AI-powered network detection and response for sub-second threat identification.

Supporting Consolidation and Convergence

At Nextro, we understand the unique cybersecurity demands of industrial operations in New Zealand. As a trusted partner for converged IT and OT security solutions, we help New Zealand businesses implement OT security platforms that align with operational requirements while strengthening cybersecurity resilience.

For New Zealand IT managers, the path forward involves leveraging OT security platforms to unify security controls, reduce complexity, and bridge the IT/OT divide. This approach not only strengthens defences against increasingly sophisticated threats but also supports operational priorities such as production reliability and personnel safety.

With the right platform, consolidation and convergence become achievable, enabling organisations to securely advance their digital transformation goals while safeguarding critical infrastructure.

Ready to secure your OT environment and simplify your vendor landscape? Talk to the team at Nextro today to explore how our Fortinet platform-led security solutions can support your digital and operational priorities.

Why IT Managers Need an OT security Platform Considerations when enabling secure industrial digital transformation EBook Securing Cyber-Physical Systems
with the Fortinet OT Security Platform

The post Why New Zealand IT Managers Must Embrace Operational Technology Security Platforms appeared first on Nextro.

Navigating the 2025 Cyber Threat Landscape

Nextro Marketing — Wed, 23 Jul 2025 02:40:15 +0000

Navigating the 2025 Cyber Threat Landscape

The 2025 Fortinet Global Threat Landscape Report paints a stark picture of an increasingly aggressive and sophisticated cyber threat environment.

With automation, artificial intelligence, and commoditised cybercrime tools at their disposal, threat actors are moving faster than ever. For New Zealand organisations, particularly those in critical infrastructure and cloud-first sectors, the shift to proactive cybersecurity is no longer optional, it is imperative.

Automation is fuelling a surge in reconnaissance

In 2024, cybercriminals ramped up automated reconnaissance efforts, with global scan volumes rising by 16.7%. These scans, often using tools like SIPVicious and targeting protocols like SIP and Modbus TCP, were used to map exposed digital assets before organisations had a chance to patch vulnerabilities.

AI and CaaS are supercharging cybercrime

Artificial intelligence has now become a staple in the cybercrime toolkit. Threat actors are deploying AI-powered tools like FraudGPT and ElevenLabs to generate phishing content, deepfake videos, and synthetic voices. Combined with the rise of Cybercrime-as-a-Service (CaaS), which offers everything from stolen credentials to Initial Access Broker services, the barrier to entry for attackers has never been lower.

Exploitation at scale: From initial access to persistent threats

Despite no significant drop in the time it takes to exploit vulnerabilities (remaining near a 5.4-day average), the scale of attacks surged, with over 97 billion exploitation attempts recorded in 2024. Common targets included IoT devices, firewalls, and routers, which are often exploited for lateral movement or botnet control.

Stealth tactics post-breach

Post-exploitation behaviours are increasingly stealthy, with attackers using legitimate Windows utilities and encrypted C2 channels to evade detection. Techniques such as DCShadow and RDP-based lateral movement are growing more common, particularly in attacks involving ransomware or espionage.

Cloud remains a soft target

The cloud remains a primary battleground. Misconfigurations, over-permissioned identities, and exposed APIs continue to allow attackers easy entry.

Telemetry from FortiCNAPP revealed that in 70% of cloud compromise incidents, identity misuse from unfamiliar geographies was a key indicator. Attackers often move laterally within cloud environments using legitimate services for cover.

Nextro’s call to action for IT Managers

The report underscores the need for Continuous Threat Exposure Management (CTEM). NZ IT Managers must move beyond traditional threat detection and embrace proactive strategies such as adversary emulation, attack surface monitoring, and automated patch prioritisation. With threat actors operating at machine speed, cyber defence must do the same.

Nextro’s call to action for New Zealand

For organisations and their boards of directors across New Zealand, especially those operating in sectors like energy, transport, education, and government, the findings of the 2025 Threat Landscape Report are a pressing reminder that traditional defences are no longer sufficient. With automated reconnaissance now occurring at a rate of 36,000 scans per second globally, it’s not a question of ‘if’ a vulnerability will be found, but ‘when’.

Nextro works with New Zealand enterprises to anticipate and mitigate cyber risk before adversaries strike. Our team implements solutions aligned with Continuous Threat Exposure Management (CTEM), enabling your organisation to simulate real-world threats, prioritise patching based on risk, and reduce your attack surface in cloud, hybrid and OT environments.

Whether you’re facing legacy IoT challenges, cloud misconfigurations, or targeted phishing campaigns staff, Nextro can help you take back control of your cyber terrain. Our partnerships with global leaders like Fortinet give you the insight, tools, and support to operate securely at speed.

Ready to enhance your cybersecurity and reduce your risk? Contact the Nextro team today to enhance your cybersecurity posture.

Read THE FULL REPORT HERE

The post Navigating the 2025 Cyber Threat Landscape appeared first on Nextro.