By Dominic Chorafakis, P.Eng, CISSP – January 31, 2020

A look back at 2019 tells us all we need to know about what we can expect in the world of cyber threats for 2020. The past year saw the return of the Ryuk virus hit the Canadian market targeting three Ontario hospitals and a Toronto dental clinic in which the attacker encrypted the clinic’s files and demanded $165,000 in ransom in order to restore access to the files.

The recent LifeLabs data breach is the largest yet in Canada in terms of personal record count, and the company may end up paying dearly for its security lapse. A civil lawsuit that was just introduced in Toronto is seeking a total of $1.14 billion dollars in damages.

 

We know that incidents of cybercrime are on the rise, and a StatsCan report found that one-fifth of Canadian businesses reported that they were impacted by a cyber security incident.

Cyber threats have become main stream and now regularly make the news. Statistics show us that companies large and small are not exempt from the threats of cyber criminals looking to access their company info and steal their data. In fact security sources predict that nearly half of the cyber-attacks for 2020 will be on small businesses.

So How Can We Use The Events From Last Year To Prepare For The Year Ahead?

The first step is to accept that cyber threats are here to stay. In today’s world all businesses small and large are connected to the web and a network of external sources and potential openings for threats to pass through. Many of these threats simply didn’t exist in past years but they are here now and they aren’t going anywhere. Business that choose to adopt an “it won’t happen to me” approach are at the greatest risk, and with the average cost of a hack for small and medium Canadian business being in the range of  $46,000 to $100,00 dollars it’s a risk many business will find too hard to recover from.  But it’s not too late. Here are three simple suggestions to get you started.

• Have a plan – Work with your IT support staff to create a plan that details the steps you should take to prevent an attack along with the steps to take in the event of an attack. This will not only reduce your risk, it will also reduce the impact of an attack so your business can be up and running in no time.
• Train your staff – Statistics show that 60% of all security breaches come from internal staff, so creating cyber awareness internally is a key safeguard for your company.
• Apply a multi-layer approach to security – make sure that you install anti-virus, anti-spyware and intrusion prevention tools and that you routinely update the software and operating programs that you use to run your business. Adopting a security monitoring solution is the final layer in a comprehensive package.

Staying ahead of the threats is an everyday challenge and not one that most business owners can, or should manage alone. The good news is that tools to fight cyber threats have also been growing and now more than ever business have the resources available to help them protect their data.