Cyber security lessons every Canadian business should learn from 2016
Having worked in cyber security over the last decade, I have witnessed a staggering escalation of estimated costs relating to cybercrime. Eye-watering figures have become so prevalent in our day to day that many have seemingly become desensitized to reading of multi-million dollar breaches.
Current estimates project the costs associated with cybercrime to reach $2 trillion USD by 2019. That is two thousand BILLION dollars.
Further research shows that Canada currently has the highest cost for detection and escalation of a breach in the world at $0.53 per lost record.
So what should Canadian businesses be doing to protect themselves and what can they learn from 2016 that will help them steer clear of being part of the $2 trillion problem in 2017?
Ransomware goes corporate
Ransomware - an illicit program or piece of code that, when executed, holds data on the host machine to ‘ransom’ - is on the rise, with extortion figures predicted to hit $1 billion USD in the coming year. In a relatively short period of time, we have seen ransomware move from consumer targets through to government and corporate targets.
Several techniques are used to get ransomware onto a host or company network, the most common being links or attachments within emails, a Trojan horse delivered via a rogue USB stick, and infection from a nefarious website.
Properly protecting an organization from ransomware requires a layered approach:
User education is a low-cost, high-error-rate solution. Ensuring that everyone in an organization has at least a base knowledge of what to look out for in emails and on websites, along with basic security measures such as USB port monitoring, can help reduce risk, but it always remains subject to human error.
Adding a software solution that monitors incoming and outgoing emails for ransomware links or attachments will cut down on known links and attachment names/contents; however, it will not pick up new, changed or previously unseen ransomware attempts.
Endpoint protection is the key piece that will help protect against ransomware. Using endpoint protection, administrators can stop processes on a machine from starting other processes that are not whitelisted. This whitelisting approach - blocking all and allowing only what is specified - ensures a far higher level of protection within a company environment.
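The whitelisting decision described above can be modelled in a few lines. This is an added example, not code from the article or from any endpoint product; the policy, paths and process-creation events are constructed for illustration, and a real product enforces the decision inside the operating system rather than in a script.

```python
import ntpath

# Hypothetical policy: for each parent executable, the only children it may start.
# Full paths are used because a bare file name is trivial to imitate.
WINWORD = r"c:\program files\microsoft office\root\office16\winword.exe"
ALLOWED_CHILDREN = {
    r"c:\windows\explorer.exe": {WINWORD, r"c:\windows\system32\notepad.exe"},
    WINWORD: set(),  # the word processor may not start any other process
}

def normalise(path):
    """Collapse '..' segments and letter case so equivalent paths compare equal."""
    return ntpath.normpath(path).lower()

def decide(parent, child):
    """Default deny: allow only parent -> child pairs named in the policy."""
    allowed = ALLOWED_CHILDREN.get(normalise(parent))
    if allowed is None:
        return "block"  # parent is not covered by the policy at all
    return "allow" if normalise(child) in allowed else "block"

# Constructed process-creation events: (parent image, child image).
EVENTS = [
    (r"C:\Windows\explorer.exe",
     r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    (r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    # Same file name as an allowed child, but from a user-writable folder.
    (r"C:\Windows\explorer.exe", r"C:\Users\alice\Downloads\notepad.exe"),
    # Equivalent path written with a '..' segment.
    (r"C:\Windows\System32\..\explorer.exe", r"C:\Windows\System32\notepad.exe"),
    (r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     r"C:\Windows\System32\notepad.exe"),
]

def evaluate(events):
    """Return (parent, child, verdict) for every event."""
    return [(p, c, decide(p, c)) for p, c in events]

if __name__ == "__main__":
    for parent, child, verdict in evaluate(EVENTS):
        print(f"{verdict:5}  {ntpath.basename(parent)} -> {child}")
```

The third and fifth events show why the policy is default deny on full paths: a familiar file name or an unlisted parent is blocked without needing a signature for it.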
Every cloud app is secure, isn’t it?
The benefits of cloud-based applications are too useful to ignore, and 40 percent of North American business-critical applications are now held within the public cloud. Whether using the cloud for file storage, communications, or other business applications which hold data remotely, businesses can leave themselves open to a breach if that data is not properly protected.
A report released by Netskope showed that 34 percent of organizations are unaware of malware in their cloud applications. 57 percent of organizations that do scan for malware in their cloud apps found it to be present. There are plenty of mechanisms available to safely adopt cloud services. These include properly controlling usage, regular scans and rapid remediation of threats.
All ‘Things’ are a threat
The Internet of Things (IoT) is a network of ‘smart’ devices which are connected over the internet. All of these things, which include smart lights, connected thermostats, etc., are designed to make our lives easier or more efficient. However, with each device connecting to the internet, there exists the potential for malicious attacks that breach the relatively low level of security by which many devices are protected.
While devices traditionally found in a home, such as desktop computers, would commonly be protected by anti-virus and other software, many of the newer connected devices, which have unlimited access to the internet, will have little or no protection and be left with default usernames and passwords.
So how does this affect businesses? A recent service outage experienced by major services such as Netflix, eBay, Twitter and PayPal was powered by an army of devices from the IoT - all of which were susceptible to a simple hack that exploited default usernames and passwords - which were instructed to collectively target Dynamic Network Services.
These types of attacks highlight how weaknesses in any part of a network can be exploited for malicious purposes - even a network of seemingly harmless devices located in homes across the globe.
While the prevention of these types of attacks specifically lies in better education of smart device users and improvements in device security itself, businesses have to be more wary than ever of the shifting complexities of cybersecurity and the ever-changing nature of the threats that exist.
Andrew Douthwaite, Vice President Managed Services, Virtual Armour