Canadian Companies Vulnerable To Cyber-Attacks

Canadian organizations aren’t prepared for the rising caliber of attacks, according to Deloitte’s 2015 cyber security survey. Only about 9 per cent of 103 organizations were deemed highly secure, vigilant and resilient towards potential hacks and 68 per cent aren’t in a position to recover quickly from an attack.

The costs of data breaches in Canada rose by about 14 per cent to $6.03 million in 2016 from $5.3 million in the year-earlier period, according to researchers at the Ponemon Institute.

The greatest financial impact to these organizations after a hack is the loss in business due to a lack of customer trust, according to the independent research organization.

Organizations are unconsciously incompetent

Organizations are unconsciously incompetent,”  said a Deloitte spokesman. “They think they are well prepared… but when we scratch beneath the surface we notice there are some pretty severe gaps.”

“The reality is everyone’s a target. If you’re connected to the Internet — you’re a potential target.”

According to the Canadian federal government, which launched a public consultation on cyber security on Aug. 16, about 70 per cent of Canadian businesses have been victims of cyber-attacks and the average cost is $15,000 per incident.

One common method of attack involves a spearfishing email, where hackers send targeted messages to employees of an organization. These emails contain personal information gathered from online profiles like LinkedIn and Facebook, to convince the victim the email is genuine.

If the victim opens an email attachment, they invariably release a virus.

Masse said that Deloitte re-creates these kinds of attacks to determine how vulnerable a client is and the hacks always win.

“If we have a 100 per cent success rate, then the bad guys have 100 per cent as well,” he said.

Holding data for ransom

The use of ransomware is a more advanced method of attack and it involves hacking vital information, placing a password on the files and then holding that information hostage.

“We’re seeing a massive increase in ransomware attacks,” said Masse.

The Ottawa Hospital had a ransomware attack in March on four computers out of its network of 9,800 after an employee clicked on a malicious link. Fortunately, patient information was retained as the hospital responded by wiping drives and no ransom was paid.

An Osterman Research study published by San Jose-based internet security company Malwarebytes earlier this month found 44 of the 125 Canadian organizations surveyed said they’ve had a ransom ware attack in the past year. Thirty-three of the companies paid out ransoms of $1,000 to $50,000.

These kinds of security breaches prompted IBM to use its artificial intelligence software called Watson to help combat cyber-attacks. Since its inception in the mid-2000s, Watson has used machine learning to solve various problems.

“A big part of what we’re seeing now is healthcare breaches,” said Boston-based Caleb Barlow, vice-president of IBM Security. “It’s happening around the world.”

One of the challenges is the sheer amount of data. “You could not possibly hire enough people to sift through that log of information and figure out what to pay attention to,” said Barlow. “And that is the problem we are starting to resolve with Watson.”

The goal is for the program to connect pieces of information and come to realistic conclusions, like a human would. “Watson’s able to think like a forensic researcher,” he said. “You train it on some of the basics and then it comes back and starts to learn some of these things on its own.”

To help train Watson, IBM has enlisted the help of eight universities including three in Canada: The University of Ottawa, the University of Waterloo and the University of New Brunswick.

Identifying risks

Professor Ali Ghorbani, dean of the faculty of computer science at the University of New Brunswick, is one of the researchers, focusing on user behaviour and cyber risk identification.

The aim is for Watson to able to interpret large amounts of data and answer security questions.

“Every solution that you can find now for security, in terms of preventing intrusion or mitigating an attack, are primarily [using] data mining or machine-learning based technology,” he said.

“Ransomware is the most damning issue we have now in our businesses, in our government and in our institutions too,” Ghorbani said. “It’s projected to increase much more in the near future.”

Organizations like Deep Instinct are also attempting to use artificial intelligence and machine learning to combat cyber security. The company, based in San Francisco and Tel Aviv, uses a form of artificial intelligence called deep learning to identify cyber threats.

Just as the brain remembers an object after identifying it the first time, Deep Instinct’s software does the same by remembering forms of cyber threats.

“Deep Instinct’s artificial brain learns to identify which files are malicious,” said Tel Aviv-based Maya Schirmann, Deep Instinct’s chief marketing officer. “The result is the ability to identify brand new cyber threats and block them, all in real-time.”

Deep Instinct’s technology can be used on computers as well as smartphones and tablets. Schirmann said their clients include several Fortune 1000 companies.  

Staying ahead of threats

While more tools are becoming available, it’s still a challenge to keep up with the threats.

Data storage company EMC, ranked Canada 15 out of 18 countries in terms of being “ahead of the curve” with regard to data protection. However, about 82 per cent of the100 organizations surveyed in Canada said their current data protection wouldn’t meet future business challenges.

The Canadian government also recognizes the importance of cyber security and that’s why they’ve launched the consultation project.

“We need to get really good at cyber security – across our personal, business, infrastructure and government sectors – so we can take full advantage of the digital economy, while protecting the safety and security of Canadians,” said Ralph Goodale, minister of public safety and emergency preparedness.  

Financial Post:

 

« Australian Government Networks Hacked
Critical Infrastructure Is The Next Target »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

France Cybersecurity

France Cybersecurity

France Cybersecurity represents the French cybersecurity industry to raise international awareness of French cybersecurity capabilities and solutions.

Array Networks

Array Networks

Array Networks, the network functions platform company, develops purpose-built systems for hosting virtual networking and security functions with guaranteed performance.

Kuratorium Sicheres Österreich (KSO)

Kuratorium Sicheres Österreich (KSO)

KSO is an independent non-profit association that has set itself the goal of making Austria safer as a national networking and information platform for topics of internal security.

Cloudsine

Cloudsine

Cloudsine (formerly Banff Cyber Technologies) is a cloud technology company specializing in cloud adoption, security and innovation.

CyberCX

CyberCX

CyberCX provides services from strategic consulting, security testing and training to world-class managed services and engineering solutions.

Hazy

Hazy

Hazy specialises in financial services, helping some of the world’s top banks and insurance companies reduce compliance risk.

Point Predictive

Point Predictive

Point Predictive build Predictive Models using Artificial Intelligence and Machine Learning techniques that help our customers stop fraud and early payment default (EPD).

BaXian Group

BaXian Group

BaXian AG is an international consulting company specializing in IT security, data analytics, risk management and compliance.

WheelHouse IT

WheelHouse IT

WheelHouse IT secures, manages, and advances businesses with innovative, cost-effective IT solutions.

ISSQUARED

ISSQUARED

ISSQUARED is a leading provider of Cyber Security, Cloud, Infrastructure, Consulting and Digital Transformation services.

Securadin

Securadin

Securadin - Defending Your Data Security. We will assist you in learning how to maintain the confidentiality, integrity, and availability of your organization's assets.

Theta

Theta

Theta is a New Zealand owned technology consultancy. Our team of over 330 experienced professionals help organisations transform with technology.

Chorus

Chorus

Chorus are a leading Managed Security Service Provider (MSSP), and member of the Microsoft Intelligent Security Association (MISA), with three Microsoft Advanced Specialisations in security.

eGeneration

eGeneration

eGeneration is one of the leading technology solutions and system integration companies in Bangladesh.

Inroad Technologies

Inroad Technologies

Inroad Technologies provide IT services that help keep your business computers, servers and networks secure and trouble-free.

Infosec Ventures

Infosec Ventures

Infosec Ventures incubates and scales cyber security innovators that solve inefficiencies in cyber security.