How an integrated approach to cybersecurity protects business from bad actors
Thanks to automation and easy access to tools, we are living the golden age of financial crime.
Adware, ransomware, denial of service, password cracking, pharming, phishing and malware — the range of tools and techniques, at the disposal of cyber threat actors, continues to increase. Bad actors with seemingly unlimited financial resources and skills can evade cyber defences with a package of software tools for as little as US$15,000.
That’s the bad news. The good news is that there are steps that can be taken.
Cyber Security Awareness Month wants individuals and businesses to know that there are ways to fight back. This monthly international campaign, held in October, sets out to inform the public of the importance of cybersecurity.
Federal privacy commissioner Daniel Therrien estimates 19 million Canadians were affected by data breaches between November 2018 — when reporting serious breaches of organizations’ security controls became mandatory — and June 2019.
Although Canadian financial institutions are considered security leaders, in June 2019, a staffer at a Quebec-based credit union was fired for allegedly sharing personal information of more than 2.7 million individual members and 173,000 businesses. In August 2019, a data breach at Quebec’s tax collection agency affected 23,000 past and present employees. The province said an internal investigation showed the data wasn’t used for malicious purposes or sold to third parties.
No size of organization is immune. A bad actor, or actors, hacked the University of Ottawa’s online student news site, stripping it of content. Earlier this year, an attacker defaced the Facebook page of a Halifax vegan restaurant.
It’s not just businesses (and individuals) being targeted. Using ransomware, cyber attackers have gone after Canadian municipalities. Recently the city of Stratford, Ont., acknowledged paying the equivalent of $75,000 in bitcoin following an attack. And, in late September 2019, Michael Garron Hospital in Toronto was the subject of a ransomware invasion.
So, what steps can be taken? Increasingly, an integrated approach — one that involves AI and physical security as well as cybersecurity — is necessary.
An integrated approach to cybersecurity
As threats become increasingly prevalent and sophisticated, enterprises must arm themselves with an integrated approach that pulls information and skills from multiple sources.
Convergence of teams, strategies and frameworks can improve operations and organizational communication and alignment. Eliminating silos between IT and physical security teams allows both to work together to identify problems before they become a crisis.
Synchronizing teams enables organizations to better strategize when facing information leaks, internal threats, and cybercrime. When hackers targeted one of Europe's leading aluminum producers, in March 2019, news of the attack first appeared on social media when someone noticed the company’s website was down. As soon as the news reports appeared, the company sent real-time alerts that identified the version of ransomware. Companies in every business sector were able to quickly learn how their own systems could be compromised.
A cohesive, unified and integrated approach can help enterprises mitigate risks posed by hackers and bad cyber actors. Updating legacy systems, such as supervisory control and data acquisition systems designed, contributes to a unified security framework. Sharing information across silos increases efficiency and communication.
Advanced technologies can also be used in the war against cybercrime. Organizations should consider a variety of available datasets, including publicly available information for their speed and ability to recognize and adapt to threats. In addition, AI-enabled pattern recognition systems can quickly ferret out suspicious or abnormal behaviour.
Cybersecurity is not just a technology-related issue, but a significant business risk. It can impact everything inside the organization and many other things outside of it. Cyber Security Awareness Month is the perfect time to think about what steps you and your organization need to take a more integrated and effective, approach.
Are you looking to learn more?
Cyber attacks are evolving so fast that organizations need security solutions that are proactive, holistic and ready to deal with threats that shift rapidly in scope and intensity – and that’s exactly what Bell delivers. As the only communications provider recognized by IDC as a Canadian leader in security three years in a row, Bell has advanced threat detection and built-in network defences to help keep your business safe. Visit Bell's solution page to learn more.