In the last 12 months, so many aspects of our lives have been turned upside down. Public health orders saw us staying home, many businesses were forced to shutter, and we experienced a massive increase in the number of Canadians working from home. This, in turn, has led to a dramatic rise in the volume of online business being conducted. This fact has not gone unnoticed by those looking to carry out cyber attacks.
Cyber Attacks – Facts and Figures
A recent report from the Insurance Bureau of Canada has starkly highlighted the risks facing small and medium-sized businesses across Canada.
- Cyber attacks have increased in the past year for 99% of Canadian businesses.
- 89% of businesses have experienced increased phishing attacks.
- Remote work has increased the average cost of a data breach by $137,000.
- 47% of individuals fall for phishing scams while working remotely.
- Between February and May of 2020, more than half a million people were affected by breaches of personal data of video conferencing software users.
Understanding the Landscape of Cyber Threats
As small businesses across Canada accelerate their digital transformation, cybersecurity will take on increased importance. Understanding the reputational, operational, legal and compliance implications of your cyber risks has never been more a more important task for businesses.
Here are some of the common cyber threats faced by Canadian businesses.
Many employees continue to work remotely. While the vast majority have been productive, some are utilizing the lack of supervision and technical safeguards to carry out fraud or other criminal activity. In our experience, many businesses are aware of the external threats they face, but still underestimate the potential for criminality within their ranks.
Lax Security Measures
Cybersecurity is an arms race. IT professionals are engaged in a race to keep their infrastructure up to date to fight off a constantly evolving threat from criminals. Weaknesses are found within large companies all the time. Small businesses, without dedicated cybersecurity teams, are seen as a soft touch. Criminals are increasingly devoting themselves to targeting small businesses for this reason.
Sometimes, the threat companies face from cyber crime isn’t designed to steal. Instead, hackers can be fighting for a social or political issue and small businesses can get caught in the crossfire. Examples include DDoS attacks on infrastructure (distributed denial of service), or the leaking of personal information to embarrass a victim. This can lead to reputational damage for an organization.
A growing collection of hacking hobbyists, or “script kiddies” are testing out their skills and attack vectors on small businesses. This exercise is used as a learning experience that equips them with the savvy to take on larger targets.