WHAT IS A “CYBER SECURITY INCIDENT”?

Cyber security incidents are crimes committed with a computer or through the use of the internet (i.e. a physical or digital breach) with the goal of infiltrating an organization’s information systems to cause damage, obtain confidential data, or both. Depriving organizations access to their own data or servers can also be a goal of threat actors (those who perpetrate cyber crimes), who can then extort organisations or resell stolen data for profit.

Some examples of different types of cyber security incidents are:

• Ransomware – When malicious software (i.e.: Malware) gains access to a company’s network and encrypts all or some of the files contained within same. The company can no longer gain access to the encrypted files, unless a ransom is paid, failing which the files could become unrecoverable. A twist has been added in recent years to encourage ransom payment: threat actors duplicate sensitive files before initiating the encryption and not only deprive victims of access to their data, but also threaten release of sensitive information should the ransom not be paid, to inflict reputation damage upon the companies.
• Insider Attacks – When trusted employees misuse access to a company’s systems maliciously, to steal or damage sensitive data. While these attacks are usually intentional in nature, they can also occur as a result of an employees actions, for example by not applying the best practices when accessing a company’s network and inadvertently causes a breach.
• DoS Attacks – When threat actors intentionally overwhelm a company’s website, rendering it inaccessible for business. They can also be used to distract companies, while threat actors attempt to gain access to a company’s system and steal confidential information, for example credit card information of the businesses’ customers.
• Phishing – When threat actors employ devious techniques to trick recipients into taking action. The most prototypical example is large email campaigns which are automated and sent to a wide audience in the hopes that a small percentage of recipients will “take the bait” and click on a link which could automatically download malware onto a server to cause damage or steal sensitive information. The emails usually appear as if they originate from a trusted source and create a sense of urgency. For example, emails seemingly being sent by your bank, informing you that your account has been compromised and requesting that you act immediately to secure your account by clicking on a specific link.

WHO IS AT RISK?

The short answer is that any entity using computers or the internet to power their business is at risk. However, there is a noticeable trend as to who threat actors perceive as the most attractive target: small and medium businesses. The reason is simple: bigger and more established companies tend to have the resources to implement more complex security architecture to protect themselves from threats. Small and medium-sized companies tend to be more conscious of diverting hard won capital from the growth of their business and investing in the implementation of network security solutions, which can be costly and burdensome to comparatively small workforce.

There is also a question of perception. Simply put, until it happens, no one really believes that they are at risk for cyberattacks, nor do they understand the extent to which such events can debilitate their business.

The number of successful cyberattacks in Canada is rising sharply year over year, with a more effective “hit rate” – successful attacks which become an incident . What’s more, the down time associated with these attacks is increasing: small and medium businesses can expect a downtime ranging from 12 to 18 days with full system recovery being obtained by an average of 25.6 days . The changing political landscape and increasing use of cyber warfare to achieve geopolitical gains are fuelling predictions of increased digital security events in the foreseeable future. Cyberattacks have become an undeniable threat to our economy and a global call to action has been sounded to increase industry’s resistance and recovery capabilities.