In 2019, Canadian organizations and government agencies faced a fairly constant stream of cyberattacks and threats which wreaked havoc on these underfunded and under-protected enterprises. Unfortunately, it seems to have been a successful year for cyber-attackers as many companies were ill-prepared for what was to come. The disastrous breach that happened to the medical test laboratory LifeLabs was among the worse with over 15 million names, addresses, passwords, health card numbers and more stolen from customers in Ontario and B.C.
Today data breach reports are more accurate now that companies must report them to the Office of the Federal Privacy Commissioner (OPC). What they’ve learned in the first 12 months of operation was that around 28 million Canadians had been exposed, not including the LifeLabs breach. Some other reported cyberattacks include:
- Some attacks came through business suppliers that hosted unprotected databases that included personal and credit card information on thousands of subscribers. For example, TransUnion Canada reported that attackers breached a Winnipeg leasing company which provided access to personal information for around 37,000 Canadians who were using the credit reporting agency.
- Ransomware combined with data-stealing techniques hit organizations small and large, stalling business activities until the ransoms were paid. The city of Stratford, Ont. had to pay the equivalent of $75,000 in bitcoin. Among the list of victims was the Michael Garron Hospital in Toronto, the government of Nunavut, the city of Woodstock, Ont. which also had their systems held captive until payments were made.
- Changes in payment procedures were made due to business email scams. This happens when an employee responsible for accounts payable is convinced to send payment to an alternate financial account rather than to the institution where payments were previously made. One Ontario beer brewing company had a staff member convinced of the authenticity of the request and wired $2.1 million to a “supposed” creditor.
With the increase in data breaches, ransomware, identity theft, denial-of-service attacks, there is no mistaking it – cybersecurity has become the most critical priority for chief information officers (CIOs). But we need to remember something – Verizon’s annual Data Breach Investigations Report found that approximately 21 percent of these breaches are caused by errors, employees or third parties.This means that the first thing every enterprise, agency, and third-party must do, is tighten up and close the gaps within their internal systems. (Hint: Starting with a cybersecurity audit is the simplest way to identify areas that provide cracks in the system for cyber criminals.) It also strongly suggests that employees should be made aware and trained to question unusual requests and spot malicious emails.
Top 2020 Security Risks to Tackle
Everyone loves new technology, but what we have come to realize is that with every new gadget comes a new set of security risks and issues. That includes cyber assistants, cloud computing, new mobile devices, Smart Speakers, the IoT (Internet of Things) etc. – we know they all come with advantages, but also potentially costly disruptions.
The smartest first move is to buckle up the areas you can control. Take a hard look at:
- Weak passwords
- Outdated technology
- Insecure third-party partnerships
- Lack of employee training
Cybersecurity concerns that are expected to become more prominent in the next year are worth understanding in advance. There isn’t an organization in the world that doesn’t consider or experience cybercrime as a major setback. Here are the five cyber threats that are expected to gain steam throughout the new year.
- Artificial Intelligence – As AI usage increases, hackers will try to combat this by developing new lines of malware and using AI as well to try to thwart cyber-defenses. Solution: Incorporate a security information and event management (SIEM) solution that will provide appropriate defence against potential attacks. The SIEM uses AI and Machine Learning to detect unusual behaviour within the network.
- 5G Issues – The use of 5G is already growing and the number of connections is projected to grow to over one billion by 2023. Security issues always accompany new network connections, so we can assume that cybercriminals will have an even larger attack arena from which to enter undetected. Solution: Regularly tighten up network security systems and use best practices within the organization.
- Ransomware will continue – This is a threat that is becoming more sophisticated and profitable for cybercriminals so it is unlikely that it will go away anytime soon. Solution: Endpoint and email protection is critical. Anti-virus, anti-spam are great solutions – adding an extra layer by using a SIEM, is even better. Backup and disaster recovery plans will also mitigate the risk if ever you do get hit by a ransomware attack. You will not have to pay the ransom because you will have a copy of your data in a secure location.
- Data Privacy for Businesses and their Customers – Organizations will have to be judicious about the types of data they collect and how it is stored. In some instances, the amount of data that is stored is not necessary while in others, such as in an e-Commerce organization, it is important to make sure customer data is never compromised. Imagine having “lost” your customers’ Credit Card information… Your reputation as a trusted e-Commerce organization is finished, putting your business at risk of shutting its doors. Solution: A data storage review and plan must become a priority and subsequent changes made to reduce risk. Making sure you are GDPR compliant will also save you from huge fines by the government.
- Deepfake Attacks – One of the first incidents of a deepfake attack was when a hacker used a deepfake voice to swindle a CEO out of $243,000 by impersonating a trusted source over the phone. Deepfake voices, images, and videos are becoming sophisticated and more difficult to detect. Most people are not aware of its existence or the destructive possibilities. Solution: As this angle of cyber threat continues to evolve, preparation and heightened awareness are the best solutions.
MicroAge NWD Proactive Cybersecurity Solutions
Our group of highly experienced cybersecurity professionals understand every facet of cybersecurity and know what it takes to keep your company safe. Today… and in the future.