3 federal cybersecurity attacks you should defend against, too

October 25, 20173 Minute Read

If this year’s full of high-profile federal cybersecurity attacks tell us anything, we should plan for plenty more sleepless nights. The good news is business leaders feel the anxiety, too—which means they’re more willing to sign off on tech that promises to reduce cybersecurity risks and protect valuable assets.

In fact, worldwide cybersecurity spending is expected to exceed $1 trillion between 2017 and 2021, according to Cybersecurity Ventures. To help, we’ve defined three of the most common attacks and how successful organizations can respond and prevent future breaches.

1. Malware

In May 2017, a ransomware attack called WannaCry infected 230,000 computers in more than 150 countries within a day. Luckily, Canada was largely spared from the cyber attack.

From viruses to worms, malware—code that siphons data and often destroys or disables important computer functions—is becoming more sophisticated by the day. This destructive software can take down an entire organization in seconds, hopping from device to device and stealing everything from employee information to financials and other sensitive data.

While malware is a colossal threat to your organization, it often starts with something that seems harmless—like an email attachment or a simple software download. That’s why the best defence is educating employees about cybersecurity. Jump in by developing a training on how to spot potential threats within their email and why they should never download unauthorized software. It never hurts to set up firewalls and schedule regular operating systems updates to patch vulnerabilities as well.

2. Phishing

The Canadian government is regularly targeted by email attacks, but a 2015 cyberattack crashed federal government websites and email for dozens of major federal departments for nearly two hours.

Phishing—or the act of deceiving someone into providing sensitive data by acting as a trusted source—is becoming more dangerous as tactics become more complex. Along with using legitimate email addresses, cybercriminals also set up dummy websites that look exactly like the real deal.

The best way to protect against phishing is to remind employees not to send any sensitive information via email and to verify all email requests. To ensure the latter, you can call the company in question using a number found through an official record—never the number included in the potentially bogus email.

3. Rogue users

As decades of government information leaks have proven, sometimes, the biggest threat to your company is already inside it. Employees are responsible for 60 percent of cyber attacks. Worst of all, these threats—called rogue users—likely leverage equipment and technology your organization provides.

A thorough background check and only providing employees access to the data they need for their specific role can defend against these inside hackers. But because rogue users may have already infiltrated your organization, there are a few ways you can identify them. Look for:

  • Frequent after-hours activity
  • Unusual access methods or devices
  • Large and unexpected file transfers
  • Sudden activity from dormant accounts

If you notice any of the above, it’s time to investigate. These activities could be harmless, but it’s always worth a look.

Shutting down federal cybersecurity attacks

Canada’s electronic spy agency, the Communications Security Establishment (CSE), recently issued a warning that online efforts to influence the country’s electoral process are steadily increasing. While partisan politics could thwart the government’s ability to properly address cybersecurity risks, everyone can agree on one point: They can’t do it alone. As a result, the Liberal government has promised to set aside political bickering and work with other federal parties to protect the electoral system.

In anticipation of the 2019 election, the CSE will give its first briefing to all federal parties on the threat and work directly with Elections Canada and its provincial counterparts to increase their defences. But who could be responsible for the attacks? Karina Gould, the Minister for Democratic Institutions, stated: “What matters isn’t who is behind a specific attack, but rather that Canada take steps to protect itself and ensure nobody—state sponsored or otherwise—is successful in their attempts to interfere.” In the end, it’s the IT leaders who play the most powerful role in the fight against cyber attacks and will need to continue acting as their organization’s cybersecurity guardians and gatekeepers.

Gary Hilson April 11, 2018 4 Minute Read

Be ready to play the long game when preparing for GDPR

GDPR preparation has immediate requirements to meet the deadline, but preparing for GDPR will also influence your business operations for the future.

Gary Hilson April 11, 2018 6 Minute Read

Prep for a GDPR audit by building a GDPR compliance checklist

Your GDPR compliance checklist should be heavy on policy and procedures—not just security technology upgrades. Learn more here.

Gary Hilson April 11, 2018 6 Minute Read

Keep pace with the evolving, far-reaching impact of GDPR

The impact of GDPR won't stop once you're done getting all your ducks in a row—the aftermath of GDRP will resonate for years to come.