One of the biggest security risks in New Zealand isn’t technology. It’s misplaced responsibility.

By Andrew Johnston | 29 January 2026

Summary

Many organisations assume cybersecurity is handled by their IT or network provider, but IT operations and security are not the same discipline. While firewalls, endpoint tools, and cloud controls are important, security fails when it becomes technology-led instead of risk-led.


Real security requires governance, skilled people, and continual review—not just tools left to run on default settings.


Without dedicated security leadership and maturity assessment, organisations can appear secure on paper while remaining exposed in practice.

Cybersecurity Expert Insights - What's the difference between IT Services and cybersecurity?


Many organisations rely on their ICT, IT, or network services providers to “handle security” by default.

In practice, this often means:


  • A firewall is installed
  • Network rules are configured
  • Endpoint tools are deployed
  • Cloud defaults are left in place
  • And security is considered “covered”.


The problem is that IT operations and cybersecurity are not the same discipline. Most ICT and network providers are trained to deliver availability, performance, and support. They are not trained to:


  • Assess organisational risk
  • Interpret regulatory intent
  • Design security governance
  • Test whether controls actually work
  • Challenge unsafe business behaviour


So, security becomes technology-led rather than risk-led. Firewalls, network segmentation and cloud controls are important, but without security knowledge behind them, they quickly turn into static configurations that drift, age, and fail silently. This is how organisations end up “secure on paper” and exposed in reality.


Security requires:


  • Understanding threat actors and attack paths
  • Knowing how people bypass controls
  • Mapping controls to NZ obligations like NZISM, PSR and the Privacy Act
  • Reviewing effectiveness as the organisation changes


That skill set is not automatically part of an IT service contract. This isn’t a criticism of ICT providers — it’s a recognition of boundaries.


Real security comes from governance, people, process and continual review, supported by technology rather than replaced by it. Firewalls don’t manage risk; people do. Without trained security leadership and ongoing maturity assessment, even the best technology will eventually fail.


Need Help Securing Your Environment?

At Liverton Security, we help New Zealand organisations build robust defences against email-based threats. Our services include:


  • Email security assessments identifying vulnerabilities like SMTP Open Relay and authentication gaps
  • Security awareness training tailored to New Zealand organisations
  • Policy and procedure development aligned with NZISM, PSR, and international standards
  • Governance and risk assessment and training for Boards, Executive, and the operational security and IT teams
  • Penetration (PEN) Testing of cloud, web, network and mobile
  • Incident response planning for email compromise scenarios
  • Ongoing security advisory services for SMBs and local government


Kōrero mai – let's discuss how we can help protect your organisation.





About Liverton Security


Digital technology has greatly expanded opportunities for businesses, but has also introduced complex security threats that organisations cannot ignore. Protecting people, critical data, and entire organisations requires proactive and continuous security strategies.


As an influential and respected leader in global cybersecurity, Liverton Security specialises in helping businesses and government organisations neutralise evolving cyber threats in the digital age.





