All it takes is one click on the wrong link to be vulnerable. While 86 per cent of Atlantic Canadians are familiar with cyber threats, research shows that far fewer are confident in their current ability to manage them.
This was one of several important themes shared this week at NATIONAL Atlantic’s Spotlight on Cyber security. Karen White, Vice-President, Crisis and Issues Management at NATIONAL, and Jane Elise Bates, Counsel at Cox & Palmer, shared insights and considerations to think about when responding to cyber security threats.
Spotlight, NATIONAL Atlantic’s signature event series, is focused on convening partners and stakeholders for conversations on timely and relevant topics. Here are three takeaways from our latest conversation:
Cyber attacks are on the rise
Nearly five million Canadians began working from home in 2020, opening organizations and their IT infrastructure to a host of new vulnerabilities and risks—from logistical challenges facing IT teams, to insecure home Wi-Fi networks.
Last year, cyber attacks in Canada rose by 31 per cent, per company. With remote and hybrid work here to stay, these vulnerabilities—and the malicious actors trying to exploit them—are here to stay.
Not only do cyber criminals attack and extort companies—locking employees out of their systems and holding information for ransom—but we are now seeing double and triple threat attacks, where the organization’s employees and customers are targeted.
To pay, or not to pay?
The idea of paying ransom to a cyber criminal may come as a shock to some, but in times of crisis, 54 per cent of businesses opt to pay the ransom.
There are several situations in which companies may choose to pay the ransom to their attackers.
Cyber attacks can last for weeks, and even months. Often, companies can’t do business without access to their computer systems. In other circumstances, it may simply be cheaper to pay the ransom than to restore and rebuild systems from scratch. Confidential or sensitive customer information being at risk, such as healthcare records, also may impact decision making. Finally, organizations may have contractual obligations or expectations from customers to do everything in their power to restore customer information in a timely manner.
Of course, organizations must be aware that paying the ransom does not guarantee the attackers will back off, give their data back, or stop them from leaking or selling their information online—they are criminals, after all. It’s also possible that paying the ransom will show that an organization is desperate to get their information back and motivate the attackers to launch more attacks—or even put a target on their back for other criminals. There may be cost implications of paying the ransom as well, in the form of higher insurance rates. These decisions require careful deliberation by your cyber response team.
Offense is the best defense
The best defense against cyber attacks is a strong offense.
Proactively conducting penetration tests, identifying vulnerabilities, and educating staff on potential risks can go a long way in preventing and minimizing cyber attacks.
For many organizations, cyber attacks are not a question of if, but when. Obtaining cyber insurance before it is needed can help minimize the damage of attacks, and insurance providers can draw on their own networks of experts in the event of an attack.
Assembling a cyber security response team and conducting regular planning, simulations, and exercises can also help ensure organizations are prepared. Cyber attacks come at inopportune and inconvenient times, and it is important for these teams and their plans to be ready to be activated at a moment’s notice.
Taking the necessary precautions to prevent and minimize the impacts of cyber threats can sound like a daunting task, but the upfront work can save countless hours and dollars in the long run.
Interested in learning more about preparing for cyber security risks? Contact our team of experts.
At NATIONAL, we love being in the middle of things that matter. We want to facilitate conversations, spark debate, and put the spotlight on the important issues driving our region. Interested in convening a Spotlight? We would love to hear from you.