Dayna-Jean Broeders
02 September 2025
6 min
Read
In August 2025, a significant data breach compromised over 2.5 million records from Google's Salesforce CRM instance. This breach, attributed to the ShinyHunters hacking group, exploited a voice phishing (vishing) attack to gain unauthorized access to sensitive business contact information. While no payment details were affected, the breach underscores the vulnerabilities inherent in cloud platforms and the critical need for robust security measures.
For New Zealand businesses, this incident serves as a stark reminder that reliance on cloud providers does not absolve them of responsibility for securing their data. As cloud adoption accelerates, so does the sophistication of cyber threats. It's imperative for businesses to reassess their cloud security strategies to safeguard sensitive information and maintain trust with customers.
New Zealand's public cloud spending is projected to nearly double from NZ$5 billion in 2024 to NZ$9.6 billion by 2028, reflecting an 18% compound annual growth rate. This expansion is expected to generate over NZ$22 billion in new revenue over the next four years, with public cloud contributing an estimated NZ$24.3 billion to the economy in 2024 alone.
Despite this growth, a significant gap exists between the recognition of cloud's strategic importance and the readiness of businesses to implement it effectively. A survey revealed that while 70% of New Zealand businesses identify cloud computing as essential for future growth, only 34% possess the infrastructure, governance, and technical maturity needed to fully leverage cloud technology.
The cyber threats in New Zealand are evolving, with an increase in sophisticated attacks targeting cloud platforms. The National Cyber Security Centre's 2023/2024 Cyber Threat Report highlights the growing complexity of cyber threats from both criminal and state-sponsored actors.
Notably, the rise of ransomware incidents and the targeting of cloud services have become prominent concerns. Emerging threat groups are employing innovative tactics to exploit vulnerabilities in cloud environments, emphasizing the need for businesses to adopt proactive security measures.
1. Third-Party Integrations Are a Vulnerability
The breach exploited a third-party integration within Salesforce, highlighting the risks associated with interconnected systems. Businesses must regularly audit and manage third-party applications to ensure they do not introduce security gaps.
2. Human Error Remains a Significant Risk
The vishing attack relied on social engineering to deceive employees into granting access. This underscores the importance of continuous employee training and awareness programs to mitigate human error.
3. Shared Responsibility Model
Cloud providers offer robust security features, but businesses are responsible for configuring and managing these tools effectively. It's crucial to understand the shared responsibility model and implement appropriate security controls.
4. Incident Response Preparedness Is Essential
The breach's rapid detection and response were critical in mitigating its impact. Businesses should develop and regularly test incident response plans to ensure swift action in the event of a security incident.
To enhance cloud security and protect against potential breaches, New Zealand businesses should consider the following measures:
Implement Multi-Factor Authentication (MFA): Enforce MFA across all user accounts to add an extra layer of security.
Conduct Regular Security Audits: Regularly review and update security configurations, permissions, and access controls.
Educate Employees: Provide ongoing training to employees on recognizing phishing attempts and adhering to security best practices.
Utilize Managed Detection and Response (MDR) Services: Employ MDR services to monitor cloud environments for suspicious activities and respond to potential threats.
Develop an Incident Response Plan: Establish and regularly test an incident response plan to ensure preparedness in the event of a security breach.
At NSP, we understand the unique cybersecurity challenges faced by New Zealand businesses. Our comprehensive cloud security services include:
Managed Detection and Response (MDR): Continuous monitoring and rapid response to threats within your cloud environment.
Virtual Chief Information Security Officer (vCISO): Strategic guidance and leadership to enhance your organization's security posture.
Secure Cloud Migration: Safe and efficient migration of your business operations to the cloud with minimal disruption.
By partnering with NSP, businesses can bolster their cloud security and navigate the complexities of the digital environments with confidence.
1. How can I determine if my cloud environment is secure?
Conduct a comprehensive security audit to assess configurations, access controls, and third-party integrations. Engaging with a cybersecurity professional can provide valuable insights.
2. What are the signs that my business is vulnerable to a cloud security breach?
Indicators include outdated software, lack of MFA, excessive user permissions, and unmonitored third-party applications. Regular security assessments can help identify these vulnerabilities.
3. How often should I update my cloud security protocols?
Security protocols should be reviewed and updated regularly, at least quarterly, or whenever there are significant changes to your cloud environment or threat environment.
4. What role does employee training play in cloud security?
Employee training is crucial in preventing social engineering attacks and ensuring adherence to security best practices. Regular training sessions can significantly reduce human error-related incidents.
5. Can NSP assist with cloud security compliance requirements?
Yes, NSP provides services to help businesses comply with relevant regulations and standards, ensuring that your cloud environment meets necessary security and compliance requirements.
The Google–Salesforce breach proves one thing: if it can happen to them, it can happen to anyone. Cloud is the future of NZ business, but only if it’s secured properly.
Contact NSP to discuss a secure cloud migration strategy and protect your business before attackers find the gaps.
Enter your details below to stay up-to-date with the latest IT solutions and security measures.