3 federal cybersecurity attacks you should defend against, too

October 25, 20173 Minute Read

If this year’s full of high-profile federal cybersecurity attacks tell us anything, we should plan for plenty more sleepless nights. The good news is business leaders feel the anxiety, too—which means they’re more willing to sign off on tech that promises to reduce cybersecurity risks and protect valuable assets.

In fact, worldwide cybersecurity spending is expected to exceed $1 trillion between 2017 and 2021, according to Cybersecurity Ventures. To help, we’ve defined three of the most common attacks and how successful organizations can respond and prevent future breaches.

1. Malware

In May 2017, a ransomware attack called WannaCry infected 230,000 computers in more than 150 countries within a day. Luckily, Canada was largely spared from the cyber attack.

From viruses to worms, malware—code that siphons data and often destroys or disables important computer functions—is becoming more sophisticated by the day. This destructive software can take down an entire organization in seconds, hopping from device to device and stealing everything from employee information to financials and other sensitive data.

While malware is a colossal threat to your organization, it often starts with something that seems harmless—like an email attachment or a simple software download. That’s why the best defence is educating employees about cybersecurity. Jump in by developing a training on how to spot potential threats within their email and why they should never download unauthorized software. It never hurts to set up firewalls and schedule regular operating systems updates to patch vulnerabilities as well.

2. Phishing

The Canadian government is regularly targeted by email attacks, but a 2015 cyberattack crashed federal government websites and email for dozens of major federal departments for nearly two hours.

Phishing—or the act of deceiving someone into providing sensitive data by acting as a trusted source—is becoming more dangerous as tactics become more complex. Along with using legitimate email addresses, cybercriminals also set up dummy websites that look exactly like the real deal.

The best way to protect against phishing is to remind employees not to send any sensitive information via email and to verify all email requests. To ensure the latter, you can call the company in question using a number found through an official record—never the number included in the potentially bogus email.

3. Rogue users

As decades of government information leaks have proven, sometimes, the biggest threat to your company is already inside it. Employees are responsible for 60 percent of cyber attacks. Worst of all, these threats—called rogue users—likely leverage equipment and technology your organization provides.

A thorough background check and only providing employees access to the data they need for their specific role can defend against these inside hackers. But because rogue users may have already infiltrated your organization, there are a few ways you can identify them. Look for:

  • Frequent after-hours activity
  • Unusual access methods or devices
  • Large and unexpected file transfers
  • Sudden activity from dormant accounts

If you notice any of the above, it’s time to investigate. These activities could be harmless, but it’s always worth a look.

Shutting down federal cybersecurity attacks

Canada’s electronic spy agency, the Communications Security Establishment (CSE), recently issued a warning that online efforts to influence the country’s electoral process are steadily increasing. While partisan politics could thwart the government’s ability to properly address cybersecurity risks, everyone can agree on one point: They can’t do it alone. As a result, the Liberal government has promised to set aside political bickering and work with other federal parties to protect the electoral system.

In anticipation of the 2019 election, the CSE will give its first briefing to all federal parties on the threat and work directly with Elections Canada and its provincial counterparts to increase their defences. But who could be responsible for the attacks? Karina Gould, the Minister for Democratic Institutions, stated: “What matters isn’t who is behind a specific attack, but rather that Canada take steps to protect itself and ensure nobody—state sponsored or otherwise—is successful in their attempts to interfere.” In the end, it’s the IT leaders who play the most powerful role in the fight against cyber attacks and will need to continue acting as their organization’s cybersecurity guardians and gatekeepers.

Gary Hilson October 31, 2018 4 Minute Read

5 ways to prepare for PIPEDA’s updates

PIPEDA's getting an update, and it looks a whole lot like GDPR. Here are five best practices that will help you stay compliant.

Stephanie Vozza October 29, 2018 4 Minute Read

Brush up on these 4 fundamentals for Cybersecurity Awareness Month

From employee training to shoring up endpoints and passwords, get primed for Cybersecurity Awareness Month with these four security and privacy tips.

Graham Templeton September 26, 2018 4 Minute Read

Prepare for PIPEDA with better device security and data privacy

Complying with PIPEDA's new privacy amendments requires diligence in everything from internal processes to device security.