Canadian Companies Vulnerable To Cyber-Attacks

Canadian organizations aren’t prepared for the rising caliber of attacks, according to Deloitte’s 2015 cyber security survey. Only about 9 per cent of 103 organizations were deemed highly secure, vigilant and resilient towards potential hacks and 68 per cent aren’t in a position to recover quickly from an attack.

The costs of data breaches in Canada rose by about 14 per cent to $6.03 million in 2016 from $5.3 million in the year-earlier period, according to researchers at the Ponemon Institute.

The greatest financial impact to these organizations after a hack is the loss in business due to a lack of customer trust, according to the independent research organization.

Organizations are unconsciously incompetent

Organizations are unconsciously incompetent,”  said a Deloitte spokesman. “They think they are well prepared… but when we scratch beneath the surface we notice there are some pretty severe gaps.”

“The reality is everyone’s a target. If you’re connected to the Internet — you’re a potential target.”

According to the Canadian federal government, which launched a public consultation on cyber security on Aug. 16, about 70 per cent of Canadian businesses have been victims of cyber-attacks and the average cost is $15,000 per incident.

One common method of attack involves a spearfishing email, where hackers send targeted messages to employees of an organization. These emails contain personal information gathered from online profiles like LinkedIn and Facebook, to convince the victim the email is genuine.

If the victim opens an email attachment, they invariably release a virus.

Masse said that Deloitte re-creates these kinds of attacks to determine how vulnerable a client is and the hacks always win.

“If we have a 100 per cent success rate, then the bad guys have 100 per cent as well,” he said.

Holding data for ransom

The use of ransomware is a more advanced method of attack and it involves hacking vital information, placing a password on the files and then holding that information hostage.

“We’re seeing a massive increase in ransomware attacks,” said Masse.

The Ottawa Hospital had a ransomware attack in March on four computers out of its network of 9,800 after an employee clicked on a malicious link. Fortunately, patient information was retained as the hospital responded by wiping drives and no ransom was paid.

An Osterman Research study published by San Jose-based internet security company Malwarebytes earlier this month found 44 of the 125 Canadian organizations surveyed said they’ve had a ransom ware attack in the past year. Thirty-three of the companies paid out ransoms of $1,000 to $50,000.

These kinds of security breaches prompted IBM to use its artificial intelligence software called Watson to help combat cyber-attacks. Since its inception in the mid-2000s, Watson has used machine learning to solve various problems.

“A big part of what we’re seeing now is healthcare breaches,” said Boston-based Caleb Barlow, vice-president of IBM Security. “It’s happening around the world.”

One of the challenges is the sheer amount of data. “You could not possibly hire enough people to sift through that log of information and figure out what to pay attention to,” said Barlow. “And that is the problem we are starting to resolve with Watson.”

The goal is for the program to connect pieces of information and come to realistic conclusions, like a human would. “Watson’s able to think like a forensic researcher,” he said. “You train it on some of the basics and then it comes back and starts to learn some of these things on its own.”

To help train Watson, IBM has enlisted the help of eight universities including three in Canada: The University of Ottawa, the University of Waterloo and the University of New Brunswick.

Identifying risks

Professor Ali Ghorbani, dean of the faculty of computer science at the University of New Brunswick, is one of the researchers, focusing on user behaviour and cyber risk identification.

The aim is for Watson to able to interpret large amounts of data and answer security questions.

“Every solution that you can find now for security, in terms of preventing intrusion or mitigating an attack, are primarily [using] data mining or machine-learning based technology,” he said.

“Ransomware is the most damning issue we have now in our businesses, in our government and in our institutions too,” Ghorbani said. “It’s projected to increase much more in the near future.”

Organizations like Deep Instinct are also attempting to use artificial intelligence and machine learning to combat cyber security. The company, based in San Francisco and Tel Aviv, uses a form of artificial intelligence called deep learning to identify cyber threats.

Just as the brain remembers an object after identifying it the first time, Deep Instinct’s software does the same by remembering forms of cyber threats.

“Deep Instinct’s artificial brain learns to identify which files are malicious,” said Tel Aviv-based Maya Schirmann, Deep Instinct’s chief marketing officer. “The result is the ability to identify brand new cyber threats and block them, all in real-time.”

Deep Instinct’s technology can be used on computers as well as smartphones and tablets. Schirmann said their clients include several Fortune 1000 companies.  

Staying ahead of threats

While more tools are becoming available, it’s still a challenge to keep up with the threats.

Data storage company EMC, ranked Canada 15 out of 18 countries in terms of being “ahead of the curve” with regard to data protection. However, about 82 per cent of the100 organizations surveyed in Canada said their current data protection wouldn’t meet future business challenges.

The Canadian government also recognizes the importance of cyber security and that’s why they’ve launched the consultation project.

“We need to get really good at cyber security – across our personal, business, infrastructure and government sectors – so we can take full advantage of the digital economy, while protecting the safety and security of Canadians,” said Ralph Goodale, minister of public safety and emergency preparedness.  

Financial Post:

 

« Australian Government Networks Hacked
Critical Infrastructure Is The Next Target »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CDW

CDW

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada.

APMG International (APM Group)

APMG International (APM Group)

APM Group is a global accreditation, certification and examination body specializing in certification schemes for individuals, organizations and software.

Forcepoint

Forcepoint

Forcepoint provide a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies of managing multiple point security products.

National Cyber Security Centre (NCSC) - Netherlands

National Cyber Security Centre (NCSC) - Netherlands

NCSC Netherlands coordinates enhancing the cyber resilience of the Netherlands in the digital domain.

CyberDefcon

CyberDefcon

CyberDefcon is an independent organization dedicated to the pursuit of making the internet a safer place.

FoxGuard Solutions

FoxGuard Solutions

FoxGuard Solutions develops customized cyber security, compliance and industrial computing solutions for critical infrastructure entities and control system vendors.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

Accurics

Accurics

Accurics enables self-healing cloud native infrastructure by codifying security throughout your development lifecycle.

Paradyn

Paradyn

Paradyn-managed security services can provide a holistic view of your business environment, no matter how simple or complex it is.

SecureLayer7

SecureLayer7

SecureLayer7 is an international provider of integrated business information security solutions with an innovative approach to IT security.

tru.ID

tru.ID

We’re tru.ID, and we're reimagining mobile authentication, one API at a time.

Tonex

Tonex

Tonex providing industry-leading technology training, courses, seminars, workshops, and consulting services to companies and government organizations around the world.

Unciphered

Unciphered

Unciphered was created as the first company providing services for opening locked hardware cryptocurrency wallets.

KCS Group Europe

KCS Group Europe

KCS Group helps its clients to identify and deal with any risks, weaknesses and threats which could impact on the business financially or reputationally.

Jera IT

Jera IT

Jera IT provide fully managed IT support, cybersecurity services, telecoms systems, and IT strategy consultancy to businesses based in Aberdeen and the surrounding area.

Plerion

Plerion

Plerion is an all-in-one Cloud Security Platform that supports workloads across AWS, Azure, and GCP delivering cloud security posture management, workload security, data security and more.