Today the NZSIS (the Service) released its third Annual Threat Environment report. These reports are gold. It's one of the few documents where an NZ intelligence agency speaks openly about the threats we're facing, and names the countries those threats come from. The Service deserves applause for getting these reports started and for keeping them going.
I'm a big believer in threat-informed and threat-based security programmes, and when I finished my first read, what popped into my head was Oprah:

Insider threats are a problem. Foreign interference can manifest as social pressure and co-opting of staff. We have to worry about foreign delegations and foreign business relationships, and then, on top of all those worries, add in the fact that geo-strategic competition means more espionage, not less.
This report is not telling us we can take that nap we've all earned. It's a sobering reality check of the increasingly complex threat environment we are all trying to operate in. I'm going to keep my comments to the three threat areas within the report that are most relevant to us cyber security folk: foreign interference, insider threats and espionage.
Foreign Interference
Foreign interference activities continue in New Zealand with several states responsible. This includes activities regarded as transnational repression that often target diaspora communities. The People's Republic of China (PRC) gets a direct call out here, but the report points out the PRC is not the only state that engages in interference here in NZ. The key statements in the report about foreign interference that stood out to me are:
- Some foreign states have attempted to exploit people inside public and private sector organisations
- A case where a "co-optee" advising influential decision makers (presumably politicians) was providing advice and guidance under direction from a foreign government
- Arrangements such as sister cities and foreign delegations are often used to build long-term relationships for influence and interference
- New Zealanders who are members of other nations' diaspora are under surveillance and scrutiny.
Do you, as a security team, think about how some of those you support could be targeted, or subject to higher threats? Many organisations work hard to get good baseline security everywhere. But do you have additional training, support or controls for highly attacked people? Are you thinking about your international partnerships with an interference lens? The threat is definitely here, and real.
Insider Threats
Insider threats from a wide range of areas are present in NZ.
What really struck me was that, yes, the report talks about insider threats from motivated foreign nations seeking to exploit insiders and their knowledge, but issues-motivated insider threats are an issue too. The section on violent extremism states "No one ideology currently stands out as presenting a greater threat". As we've seen earlier this week, we've had our first ever conviction for espionage from, you guessed it, an insider threat who, it appears, was radicalised online and showed strong support for an issues-motivated group.
After reading this year's report, it's clear that managing insider threats is something more organisations need to think about and build plans for.
Espionage
The report does a good job calling out espionage threats for critical infrastructure and government. For those of us keeping up with the Typhoons (Salt, Vault, Flax) and groups such as Cozy Bear and Lazarus Group, that's probably not news. But the report contains this admission:
"It is almost certain there is undetected espionage activity that is harming New Zealand’s national interests."
Our intelligence community is not just worried about the espionage they can't see (of course they are); they're 90%+ confident there is espionage they are not seeing. That should be sobering. Threat actors operating in NZ, currently unchecked, is not great. We know that sophisticated threat actors are using Living off the Land techniques to get in, move around and maintain persistence without being detected. We need to be assuming breach, making sure that our organisations have good detection capabilities in place, and planning (and doing) threat hunting.
What can you do?
The annual Threat Environment report is an excellent paper, and a great prompt to think about the threats you are facing as a cyber security professional.
From a cyber security and organisational security perspective, when I read that report I'm left with two major thoughts:
- Geo-politically, APAC is getting tougher and more contested, not less. Global instability and strategic competition are raising the threat from foreign interference and espionage. New Zealand organisations need to make sure their protections are strong, and that they have good security strategies and programmes to help them keep improving.
- Organisations need to update their threat models: if you are in critical infrastructure, higher education or the public sector, you need to be updating your threat models, then flowing this through so that your risks map to your threats, and you can be confident your security controls are protecting you from the threats you are facing now.
We're Here to Help
If your organisation:
- Doesn’t have a threat model.
- Hasn't quite got its insider threat framework up and running.
- Deals with foreign delegations or partnerships but hasn't thought about PERSEC or national security risk before.
- Needs help planning and/or doing a threat hunt.
- Is worried about whether your cyber security programme is keeping you safe from the threats you face.
Then Bastion is here to help you build a clear, resilient model for today’s risks.
With 150+ security nerds, we have the expertise and capacity to help you with your security projects, hopes and dreams. Whether it's an insider threat review, building a threat model, doing a threat hunt for espionage actors or building a framework for managing 3rd party risks for foreign partnerships, we're here to help.