Cyber threats are accelerating across New Zealand. The NCSC’s Q1 2025 Cyber Security Insights reported a 14.7% increase in financial losses, with NZ$7.8 million lost just in that quarter, much of it from business email compromise and phishing alone. These losses stem from intrusion, delay, and damage, all preventable with active threat response. Antivirus solutions, while foundational, simply don’t detect or respond to these types of threats.
Malware, theft, ransomware and insider threats all require human‑verified detection and immediate containment, capabilities only full MDR provides. Without it, breaches become incidents; incidents become crises for businesses.
New Zealand is not immune from global trends. Recent reports show:
Cybercrime incidents reached 1,369 in Q1 2025, with 77 requiring specialist technical response.
Financially motivated attacks now surpass state‑sponsored activity.
Phishing rose 15%, and unauthorised access rose 11% over Q4 2024.
Over 54% of NZ adults suffered an online threat in six months, highlighting the scale of exposure.
These statistics show that attacks are becoming more frequent, financially damaging, and stealthy, placing modern businesses at risk.
The evolution of cyber threats is a lesson in how attackers have always adapted faster than defences. What started as hobbyist experimentation quickly became destructive, global, and financially driven.
Here’s how it started, and why today’s threat landscape demands a smarter response model like MDR.
The first known computer virus wasn’t malicious; it was playful. Creeper spread on mainframe computers and displayed the message:
“I’m the creeper, catch me if you can!”
It spread via ARPANET (the precursor to the internet) and was "removed" by the first antivirus program, Reaper, making Creeper and Reaper the original hacker vs. defender duo.
Fun Fact: Reaper was itself a self-replicating program, effectively making it the first "antivirus worm."
The Brain virus, widely considered the first true PC virus, originated in Pakistan and spread via infected floppy disks. It replaced the boot sector and slowed down infected systems, causing panic globally.
The creators even left their real names, phone number, and address in the code, urging people to call them for removal instructions.
Why it mattered: It was the first demonstration that software could hop globally, and break things, just from shared disks.
Developed by a university student, the Morris Worm was designed to measure internet size but ended up crashing 10% of all computers online, an enormous number at the time. It used multiple attack vectors and was hard to remove, causing millions in downtime.
The US response? The creation of CERT (Computer Emergency Response Teams), which laid the foundation for modern cybersecurity response globally.
This Windows 98 virus triggered on April 26 (the anniversary of the Chernobyl disaster) and overwrote computer BIOS, rendering PCs completely unbootable. It destroyed hard drives and cost an estimated US$1 billion in damages.
CIH highlighted how viruses could cause hardware-level damage, something that shook confidence in even offline, air-gapped systems.
These email-borne viruses introduced a new form of social engineering: users willingly opened infected files because they looked like documents or love letters.
ILOVEYOU alone infected over 10 million computers in days, overwhelming networks worldwide.
How it was handled: Entire email systems had to be shut down. Manual disinfection and system rebuilds were the only solution.
Using leaked NSA tools (EternalBlue), these attacks exploited vulnerabilities in outdated Windows systems, spreading globally in hours.
WannaCry locked hospitals, shipping ports, and government agencies.
NotPetya targeted Ukraine but spilled over, costing Maersk over US$300 million.
Unlike ransomware, NotPetya offered no recovery; it simply wiped systems.
These attacks marked a turning point. Cyberattacks were no longer about inconvenience; they were strategic, destructive, and state-level.
Attackers don’t wait for software to age. They exploit gaps, old systems, inattentive teams, or patch delays.
Initial access is often simple. Floppy disks became emails, which became fake logins, which are now automated bots scanning for vulnerabilities.
Manual response isn’t scalable. None of the early viruses could have been handled manually at today’s scale or speed.
With modern threats, speed matters more than ever. Today, MDR isn’t just protection; it’s a survival strategy, built for real-world complexity that AV and manual tools were never designed to handle.
Legacy solutions (antivirus, basic firewalls, and signature-based detection) are inadequate against:
Ransomware that evades signatures
Credential theft and lateral movement
Traditional antivirus (AV) tools were built to block known threats, typically using signatures or behavioural patterns to detect malware. While this was effective when threats were slower and far less advanced, it no longer holds up.
Today’s attacks are stealthier, faster, and often fileless, meaning they don’t leave the traditional indicators AV software looks for.
To understand where antivirus fits, and why it’s no longer sufficient, it helps to break down the modern defence stack:
Detects and blocks known malware using signature-based scanning.
Protects against viruses, trojans, and some basic ransomware.
Effective for legacy threats, but blind to new or obfuscated attacks.
Monitors endpoint activity to detect suspicious behaviour.
Can identify fileless attacks, lateral movement, and privilege abuse.
Provides detailed logs and visibility for analysts to investigate.
But EDR alone doesn’t contain threats; it just informs you.
Extends detection beyond endpoints to include email, cloud, and network.
Correlates data from across the environment to surface complex threats.
Powerful, but still needs skilled interpretation and action.
Combines EDR/XDR tools with a 24/7 security operations centre (SOC).
Real analysts investigate alerts, contain threats, and guide next steps.
Delivers outcomes, not just alerts, like isolating devices, stopping malware spread, or identifying compromised accounts.
Together, AV, EDR, and XDR form the foundation, but without MDR, they can leave businesses overwhelmed or exposed.
NSP’s MDR service is designed to integrate with existing tools and add the missing layer of expert-driven action. We reduce time to respond, eliminate alert fatigue, and ensure you’re not left interpreting data when you should be recovering.
For businesses in sectors like legal, real estate, finance, and high-growth startups, the risk tolerance is low, and the threat is high. MDR is now a requirement.
Here’s what businesses often miss:
Most providers offer “monitoring.” Some offer “response.” Fewer still offer both in a way that’s aligned with your business goals and operating environment. The wrong partner can leave you flooded with alerts, unclear next steps, and delayed responses when time matters most.
When a breach occurs, the gap between knowing and acting defines the damage.
A delayed response could mean days of operational downtime, customer data loss, reputational damage, or worse. These aren’t theoretical risks. As we already know, NZ businesses lose millions each quarter to attacks that go undetected or uncontained.
NSP recognises that every business has a different risk profile. Our MDR provides the right level of protection, support, and containment strategy based on your environment and risk tolerance.
We build MDR around your business reality, ensuring:
Local response with regional insight into NZ cyber risks
Integration with your existing stack, from endpoints to hybrid cloud
Analyst-reviewed alerts, not alerts dumped into dashboards
Controllable containment, keeping business continuity front of mind
Modular service tiers, tailored to risk exposure and operational models
That’s strategic MDR: real protection that enhances resilience.
1. What makes MDR more effective than antivirus?
Avast vs. MDR: antivirus blocks known threats; MDR detects, verifies, contains, and recovers from unknown, advanced threats.
2. Is MSP‑delivered MDR suitable for small teams?
Yes. We deliver enterprise-level detection and response without requiring an in-house SOC, making it cost-effective and scalable.
3. How quickly do you respond to threats?
Once a genuine threat is confirmed, containment actions are initiated within minutes to stop breaches from spreading.
4. Can MDR support compliance needs?
Definitely. MDR provides logs, incident records, and containment evidence, supporting ISO, PCI‑DSS, financial regulations, professional services compliance, and client assurance.
If you’re relying on legacy security tools, or feel uneasy about cyber threats, contact NSP. Book a consultation today to discuss how strategic MDR can give you clarity, control, and confidence in your security readiness.