NZX chief information officer David Godfrey will resign from his role at the end of the year, just weeks after the exchange was hit by a series of cyber attacks that caused significant downtime.
Godfrey, who has worked as CIO at the NZX for almost five years, also held various roles including head of IT, head of regulated systems and operations, and IT manager.
According to media reports, NZX chief Mark Peterson describes Godfrey as a great contributor.
“David has been in the business for more than a decade, and has been a great contributor over that time – including through the challenges we faced this year due to COVID and the more recent cyber attacks where he has shown wonderful calmness and support of his teams.”
He adds, “NZX has changed materially over the years and we are very grateful for the contribution David has made to the business. His attitude, commitment and support of everyone across the business – and through the wider capital markets community – has been first-class.”
NZX was recently targeted in a global spate of distributed denial of service (DDoS) attacks at the end of August 2020.
The attacks forced the NZX to stop trading for long periods across several days of disruption.
NZX worked with the Government Communications Security Bureau (GCSB) and cybersecurity firm Akamai to protect itself against further attacks.
“NZX has been advised by independent cyber specialists that the attacks… are among the largest, most well-resourced and sophisticated they have ever seen in New Zealand,” Peterson said in August.
Just a week earlier, Akamai had picked up on a spate of global ransom attacks, possibly conducted by Fancy Bear and Armada Collective threat groups.
The groups which they targeted firms across different sectors and made ransom demands. If the ransom demands were not paid, the groups threatened DDoS attacks if the ransom demand was not meant. Akamai confirmed that it saw some attacks peaking at almost 200Gb per second.
The National Cyber Security Centre also posted an alert about the attacks, designed to help New Zealand businesses think about their protection against DDoS attempts.
The NCSC alert says, “Before implementing any measures to prepare for denial-of-service attacks, organisations should determine whether a business requirement exists for their online services to withstand denial-of-service attacks, or whether temporary denial of access to online services is acceptable to the organisation.”
The NZX is reportedly conducting a global recruitment drive for a new CIO.