Cyber security threats have become so prevalent that, regardless of the industry or the size of the organization, every business and institution is susceptible to an attack.
MNP conducted a cyber survey in early 2017 that found “half of Canadian C-suite executives and nearly a quarter of entrepreneurs said their businesses' cyber security was breached in the past year.” While 93 per cent of the combined groups said they felt their companies effectively protected customer data, nearly three in five of those polled "either suspect or know for certain" they were victims of hacking attempts.
For many companies, it could just be a matter of time before they experience a breach that could impact their reputation or put their entire business at risk.
As the number of attacks grow, it’s becoming almost impossible for businesses to implement policies and solutions to prevent every potential threat. A strategic approach to manage cyber security can prevent the most likely attacks and help businesses develop plans to deal with a breach quickly and minimize its impact.
The Most Common Attacks Today
News headlines often draw attention to the most sensational types of attacks. These stories usually involve the theft of large amounts of compromising data or the release of sensitive information online.
A significant number of security breaches never make the news; however, they can cause catastrophic damage and have impacted organizations in every sector of the economy. Some of the most prevalent types of attacks over the last year have included:
- “Hacktivism” targeting specific companies for the purpose of revealing company secrets, destroying the company’s reputations or hurting companies financially.
- Distributed Denial of Services (DDos) attacks where networks are overwhelmed and online services are shut down.
- Phishing attacks on employees as a way of bypassing a company’s security system to gather login credentials or other valuable information.
- Industrial Internet of Things (IoT) attacks that allow an attacker to infiltrate a company’s system through internet connected devices.
- Ransomware attacks where a malicious software locks all assets, including computers or entire networks, and prevents access to any data or information until a ransom is paid.
Building an Inventory of Risks and Resources
With limited time, budgets and resources to tackle cyber security, there is a very real danger that companies are investing in the wrong security if they simply follow the headlines. Breaches and attacks vary widely by industry. In health care, an attack may focus on connected medical devices or privacy breaches. In finance, protecting customer data and preventing identify theft are key issues. For tech companies, intellectual property and malware need special attention.
While there are immediate steps any organization can take to significantly reduce vulnerability, it’s important to take additional steps to understand specific vulnerabilities. A cyber security health check can help businesses identify the greatest vulnerabilities while also capturing a snapshot of the assets that could be lost and assessing the resources needed for protection or to respond an incident. With this information, organizations can set specific priorities and implement a strategic plan to mitigate the risks.
Knowing the potential fall out of an attack can also help prepare teams and resources to react quickly. Having a plan allows organizations to get services back online quickly and keep the impact to customers and to business to a minimum.
Being Realistic and Being Prepared
The 2017 Cyberthreat Defense Report by CyberEdge Group, Canadian companies continue to be optimistic when it comes to cyber security. Based on their data, 74 percent of Canadian respondents indicated that they had been compromised by at least one successful attack in the past year.
Given the numbers, this optimism may be misplaced. Rather than hoping an attack doesn’t happen, businesses, regardless of their size, need to be prepared and make security a top priority. A strategic plan also allows companies to develop of effective employee education, build appropriate monitoring systems, and invest in the modern technology to reduce the potential for attacks.
Tomorrow’s technology is shaping business today. To learn more about how MNP can help you develop a strategic cyber security plan for your organization, contact Danny Timmins, National Cyber Security Leader, at 905.607.9777 or [email protected].