Canadian Companies Vulnerable To Cyber-Attacks

Uploaded on 2016-09-13 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

Canadian organizations aren’t prepared for the rising caliber of attacks, according to Deloitte’s 2015 cyber security survey. Only about 9 per cent of 103 organizations were deemed highly secure, vigilant and resilient towards potential hacks and 68 per cent aren’t in a position to recover quickly from an attack.

The costs of data breaches in Canada rose by about 14 per cent to $6.03 million in 2016 from $5.3 million in the year-earlier period, according to researchers at the Ponemon Institute.

The greatest financial impact to these organizations after a hack is the loss in business due to a lack of customer trust, according to the independent research organization.

Organizations are unconsciously incompetent

Organizations are unconsciously incompetent,”  said a Deloitte spokesman. “They think they are well prepared… but when we scratch beneath the surface we notice there are some pretty severe gaps.”

“The reality is everyone’s a target. If you’re connected to the Internet — you’re a potential target.”

According to the Canadian federal government, which launched a public consultation on cyber security on Aug. 16, about 70 per cent of Canadian businesses have been victims of cyber-attacks and the average cost is $15,000 per incident.

One common method of attack involves a spearfishing email, where hackers send targeted messages to employees of an organization. These emails contain personal information gathered from online profiles like LinkedIn and Facebook, to convince the victim the email is genuine.

If the victim opens an email attachment, they invariably release a virus.

Masse said that Deloitte re-creates these kinds of attacks to determine how vulnerable a client is and the hacks always win.

“If we have a 100 per cent success rate, then the bad guys have 100 per cent as well,” he said.

Holding data for ransom

The use of ransomware is a more advanced method of attack and it involves hacking vital information, placing a password on the files and then holding that information hostage.

“We’re seeing a massive increase in ransomware attacks,” said Masse.

The Ottawa Hospital had a ransomware attack in March on four computers out of its network of 9,800 after an employee clicked on a malicious link. Fortunately, patient information was retained as the hospital responded by wiping drives and no ransom was paid.

An Osterman Research study published by San Jose-based internet security company Malwarebytes earlier this month found 44 of the 125 Canadian organizations surveyed said they’ve had a ransom ware attack in the past year. Thirty-three of the companies paid out ransoms of $1,000 to $50,000.

These kinds of security breaches prompted IBM to use its artificial intelligence software called Watson to help combat cyber-attacks. Since its inception in the mid-2000s, Watson has used machine learning to solve various problems.

“A big part of what we’re seeing now is healthcare breaches,” said Boston-based Caleb Barlow, vice-president of IBM Security. “It’s happening around the world.”

One of the challenges is the sheer amount of data. “You could not possibly hire enough people to sift through that log of information and figure out what to pay attention to,” said Barlow. “And that is the problem we are starting to resolve with Watson.”

The goal is for the program to connect pieces of information and come to realistic conclusions, like a human would. “Watson’s able to think like a forensic researcher,” he said. “You train it on some of the basics and then it comes back and starts to learn some of these things on its own.”

To help train Watson, IBM has enlisted the help of eight universities including three in Canada: The University of Ottawa, the University of Waterloo and the University of New Brunswick.

Identifying risks

Professor Ali Ghorbani, dean of the faculty of computer science at the University of New Brunswick, is one of the researchers, focusing on user behaviour and cyber risk identification.

The aim is for Watson to able to interpret large amounts of data and answer security questions.

“Every solution that you can find now for security, in terms of preventing intrusion or mitigating an attack, are primarily [using] data mining or machine-learning based technology,” he said.

“Ransomware is the most damning issue we have now in our businesses, in our government and in our institutions too,” Ghorbani said. “It’s projected to increase much more in the near future.”

Organizations like Deep Instinct are also attempting to use artificial intelligence and machine learning to combat cyber security. The company, based in San Francisco and Tel Aviv, uses a form of artificial intelligence called deep learning to identify cyber threats.

Just as the brain remembers an object after identifying it the first time, Deep Instinct’s software does the same by remembering forms of cyber threats.

“Deep Instinct’s artificial brain learns to identify which files are malicious,” said Tel Aviv-based Maya Schirmann, Deep Instinct’s chief marketing officer. “The result is the ability to identify brand new cyber threats and block them, all in real-time.”

Deep Instinct’s technology can be used on computers as well as smartphones and tablets. Schirmann said their clients include several Fortune 1000 companies.  

Staying ahead of threats

While more tools are becoming available, it’s still a challenge to keep up with the threats.

Data storage company EMC, ranked Canada 15 out of 18 countries in terms of being “ahead of the curve” with regard to data protection. However, about 82 per cent of the100 organizations surveyed in Canada said their current data protection wouldn’t meet future business challenges.

The Canadian government also recognizes the importance of cyber security and that’s why they’ve launched the consultation project.

“We need to get really good at cyber security – across our personal, business, infrastructure and government sectors – so we can take full advantage of the digital economy, while protecting the safety and security of Canadians,” said Ralph Goodale, minister of public safety and emergency preparedness.  

Financial Post:

 

« Australian Government Networks Hacked
Critical Infrastructure Is The Next Target »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

Daon

Daon

Daon offers a universal biometric authentication platform for mobile devices.

ObjectSecurity

ObjectSecurity

ObjectSecurity is a leader in authorization policy automation. With OpenPMF, you can manage application security policies for access control and auditing.

Intersec Worldwide

Intersec Worldwide

Intersec Worldwide is a boutique Information Security Firm specializing in PCI Compliance, Assessment, Remediation, Forensics, Data Breach Investigations, Incident Response and IT Managed Services.

Fraugster

Fraugster

Fraugster provides the most precise anti-fraud solution for e-commerce businesses.

Honeywell Process Solutions (HPS)

Honeywell Process Solutions (HPS)

Honeywell's Industrial Cyber Security Solutions help plants and critical infrastructure sectors defend the availability, reliability and safety of their industrial control systems.

4Stop

4Stop

4Stop is a global KYC, compliance and anti-fraud risk management company.

Padlock

Padlock

Padlock is a trusted platform with an intimate knowledge of the cybersecurity industry that connects businesses with freelance professionals

Scanmeter

Scanmeter

Scanmeter helps identifying vulnerabilities in software and systems before they can be exploited by an attacker.

Digital Management (DMI)

Digital Management (DMI)

DMI is a provider of mobile enterprise, business intelligence and cybersecurity services.

CHT Security

CHT Security

CHT Security is a Managed Security Service Provider (MSSP) specialized in cyber security technologies enabling enterprises to defense against cyber threats to networks, gateways and endpoints.

Cyber Talents

Cyber Talents

CyberTalents is on a mission to close the gap of cyber security professionals shortage across the globe.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

Atlas Cloud

Atlas Cloud

Atlas Cloud is a UK-wide provider of managed services based in Newcastle. Our ‘research-led’ approach to IT services helps leaders make better decisions about IT for their businesses.

Kontra

Kontra

Kontra application security training is an interactive and intuitive learning experience that engages developers.

Zyxel Networks

Zyxel Networks

Zyxel Networks is a leading provider of secure, AI-powered networking solutions for small to medium businesses (SMBs) and the enterprise edge.