Organizations often believe their data is safe, but frequently are unaware of potential vulnerabilities that can leave them open to attacks. And recent studies reveal wildly differing views between executives and IT professionals in organizations on the effectiveness of their cybersecurity practices and policies. Is now the time to re-examine how well your organization is protected against a cyberattack? It may just help you avoid the considerable financial consequences of losing data, time, clients, and your reputation.
By the numbers
In a study conducted by Ovum for FICO, it was found that 84% of Canadian executives believed their organization is "better than average" or a "top performer" when asked about their cybersecurity practices. However, a recent survey of 2,800 IT professionals revealed that 77% of organizations lack a formal cybersecurity incident response plan, making it more difficult to muster a timely and effective response. Another study has shown that it takes an average of 191 days for an organization to identify a data breach, and a subsequent average of 66 days to fully contain it.
And according to eSentire’s cybersecurity strategist, Eldon Sprickerhoff, Canadian companies hold the naive belief that their organizations are too small or insignificant to fall victim to breaches.
With the implementation of the Canadian mandatory breach notification on November 1, 2018, more Canadian boards have begun to make cybersecurity a regular agenda item. While Canadian businesses may be paying more attention due to increased regulation and more awareness of the risks, most lack knowledge of what they are facing. Consider that malware and malicious network behaviour were discovered in 85% of Fortune 500 companies participating in a security software trial, and that percentage is likely even higher for non-Fortune organizations.
Has your company done all it can to keep its data safe? These statistics might be enough to make you reconsider.
The consequences are real
Recent events have illustrated the cost of data security breaches for several Canadian organizations – here are three examples:
On October 1, 2018, Recipes Unlimited Corp reported being hit by a malware outbreak, which prompted the closure of many of its restaurants. It was soon revealed that the company, which owns numerous restaurant chains such as Swiss Chalet, Harvey’s, and East Side Mario’s, had been subjected to a data breach. The perpetrators claimed to have encrypted the company’s essential files and demanded a ransom payable in bitcoin (BTC), threatening to escalate it by 0.5 BTC ($4,000) each day it was not paid.
While the company denied it was being held ransom, citing regular data backups of essential files, the restaurant closure impacted business and created uncertainty among employees. The ransom note is thought to be related to the Ryuk virus, which has enabled hackers to collect more than $640,000 to date.
Compromised by a vendor
On November 1, 2018, the Ontario Cannabis Store (OCS) was notified that the data of 4,500 customers had been accessed by an unauthorized party. However, in this instance the data was accessed through the delivery tracking tool of Canada Post, which had been tasked with fulfilling customer orders.
Per a statement from the OCS, the delivery information that was compromised includes:
Postal codes
Names or initials of people who signed upon delivery
Date of delivery
OCS reference numbers
Canada Post tracking numbers
OCS corporate names and business addresses
However, information like the name of the person who made the order, delivery address, payment information and the contents of the order was not involved in the breach and was not affected. The OCS informed Ontario's privacy commissioner and all its affected customers of the breach.
St. Francis Xavier University was also in the news these last few weeks after an attempted cyberattack at the university.
The IT Services team found odd activity occurring within the university’s networked environment and immediately launched an investigation. It was discovered that the malicious software was attempting to use the University’s servers to create or mine bitcoin for monetary gain, a task that requires intensive computing resources.
As a precaution, the university implemented a complete shutdown of the campus’ systems. This investigation is disrupting access to email, the school’s online course system, shared storage space and drives on the St. FX network.
Your next steps
How can you keep your company safe? For starters, you can take a layered approach to your IT security. A proper layered approach to security will buy your organization time so you can respond effectively to any cyber-attack. You should also have proactive protection that includes network visibility, continuously scanning your network for anomalies and applying policies accordingly. Businesses could also incorporate web protection as part of their corporate policy. This would allow for website filtering by time and content, perform bandwidth checking, and help protect the business against legal liability. And, finally, organizations should secure deleted data so that it is impossible to retrieve.
How does your business measure up? If you feel that you need the help of IT consultants that can help keep your business data secure, get in touch with Keeran Networks. Our trained technicians can answer your IT questions and give you the peace of mind to get back to your core business objectives.