Why cybercrime is the new organized crime in Canada

Cybercrime is the new organized crime

One quick thought about organized crime and you’re likely to start thinking about the New York Mafia. This is no longer the case for businesses as cybercrime is rapidly overtaking conventional crime in reality. In the past, Canadian businesses typically sought after offices in the best neighbourhoods hoping it would keep criminals away. Back then, it was safe to leave your windows open all night and return the following day without any incidents.

This mindset overtime has forged an attitude that security isn’t a major concern. The business world has however changed rapidly and having such a mindset can be very costly nowadays. The business frontline has shifted online and so has the crime. Since the internet connects everyone together, cybercriminals can easily launch attacks at any business at will.

Regardless of origins, every type of crime eventually becomes organized and cybercrime is no different. The following shows how cybercrime against small businesses has shifted online and is now more organized and targeted than ever.

The impact of cybercrime on Canadian businesses in recent times.

In 2017, Canadian businesses officially spent around $14 billion in preventing, detecting and recovering from cybersecurity incidents. On average, businesses spent between $46,000 to over $900,000 depending on their size and nature of business. 

With 88% of Canadian businesses admitting that they experienced a data breach in 2019, the cybercrime challenge is huge. It’s fair to say its impact has been far-reaching. Although many of these breaches may have gone unreported, they haven’t gone unnoticed. They definitely influence your decisions and actions as a small business owner. For instance, 95% of Canadian businesses already have some form of basic cybersecurity protection in place. However, advanced measures like intrusion detection, firewalls, and even anti-malware are more prominent in larger organizations.

What does this really mean for your small business and how does cybercrime really affect you?

Without beating around, it now affects your small business in every single way. From how you secure your website to how you store data, there’s no limit to the influence that cybercrime has on your business policies. The overall consequence of the different breaches that have occurred in the past decade is that businesses now have to think about protecting their data and systems at every given moment.

The following are some cybersecurity stats you should be aware of as a small business owner in Canada.

  • 60% of small businesses will most likely shut down within 6 months of experiencing a cyber attack.
  • Only 13% of businesses have a written policy in place for managing and reporting cybersecurity incidents. However, organizations in the banking and transportation sectors averaged over 50%.
  • Only 10% of Canadian businesses that experienced a cyber attack went on to report to the Police.
  • Canadian businesses are already losing over $3 billion annually.
  • SMEs make up 98% of Canadian businesses.

How big is the cybersecurity challenge in Canada today?

The cybersecurity challenge is so huge that not even government institutions are left out. According to Accenture, the average cost of a cyber attack in Canada is just over $9 million. From elections and military operations to business email compromise, cybersecurity challenges can be felt in all corners. So much that many already believe it’s a bigger concern than even terrorism.

The increasing frequency of cyberattacks in Canada today consequently means that you or your CISO will need to do more. You’ll need to do more to proactively protect the business from potential attacks. As more businesses continue to go digital, so will cybercriminals who continue to find ways to breach your data.

Top cybersecurity threats affecting Canadian businesses

Here are the top cyber threats that are most likely to affect your Canadian business in 2020. 

Malware and Ransomware

Ransomware attacks are widely considered as the biggest cyber threat facing businesses today. Attackers would usually use software or malware to prevent victims from accessing the files on their systems. Since the WannaCry attacks of 2017 that affected businesses worldwide, there’s hardly any week without new attacks. 

In November 2019 for instance, the Nunavut government in Canada experienced a ransomware attack. Its security systems were not trained to detect hacks like this, forcing them to shut down parts of their network. In 2019, ransomware attacks reportedly resulted in damages of over $11 billion.

DDoS attacks

Distributed Denial of Service (DDoS) attacks are also very common nowadays. It can be especially problematic without the right tools and measures. DDoS attackers typically flood their victims’ websites or services with so much traffic until it becomes overwhelmed and crashes. Alternatively, cybercriminals may also use this type of attack to redirect your web visitors to other websites.

Endpoint attacks

As more businesses move to the cloud, they’ll need to grand third-parties privileged access. These additional data endpoints, however, come with associated risks. A breach in any of their systems will most likely leave your data exposed without the right tools in place. An example of this is the Marriot attack which was the result of a booking system breach. 

With so many businesses shutting down because of ransomware attacks, it’s important to understand the true extent of their impact. For instance, The Heritage Company in the US had to shut down in December 2019. The business had failed to sufficiently respond to a ransomware attack it experienced two months earlier. This closure meant that around 300 staff were suddenly without a job.

Business email compromise fraud

If you’re a Canadian business decision-maker, you can automatically expect that you’re a target for business email compromise fraud. This threat relies on gaining unauthorized access to a business email and intercepting financial transaction communications. According to the Canadian Anti-Fraud Centre (CAFC), businesses globally (including Canada) lose over $5 billion to this fraud.

One example to remember is the City of Burlington which fell victim after hackers posing as a trusted vendor sent new payment instructions. The City had already sent over $500,000 before it realized it was a scam.

Phishing attacks are becoming more targeted

Phishing remains the cheapest method for compromising business credentials and is the topmost cyberattack vector for hackers. It typically appears as an email with links that either deliver malware to a victim’s computer or network. Hackers can also use phishing attacks to lure you into giving them your credentials.

5 reasons why you need a Managed Security Services Provider (MSSP) to tackle cybercrime

With 43% of cyber attacks now aimed at small businesses, you should need no further incentives to protect your business. Managed Security Service Providers (MSSPs) offer unparalleled benefits when it comes to securing your IT infrastructure from cybercriminals. The following highlights the top five reasons why you need an MSSP for your small business.

Cost savings

The costs associated with deploying the relevant technologies and tools required for combatting cybercrime can quickly add up especially for small businesses. However, MSSPs ensure that you do not have to break the bank by getting all these tools on your own. Similarly, hiring a complete IT team may be unthinkable for a business that’s just starting out but MSSPs ensure that you can remain protected regardless of your size or budget.

Unrivalled expertise

The exposure that comes with providing protection for a wide range of clients means that you will ultimately benefit more from using MSSPs than an in-house IT team. Nevertheless, MSSPs are also known for being an extension of your IT team so if you have one already, they can seamlessly work closely together.

Reliable support and training

From providing technical support to organizing training for your staff or in-house IT department, MSSPs can be at your beck and call when you need them.

Improved cybersecurity insights

As your business continues to generate relevant data about its security, MSSPs can help you use SIEM to analyze the data gathered from a single point of view.

Customized security solutions

Rather than getting numerous disparate cybersecurity tools that may or may not be fully relevant to your enterprise, MSSPs generally ensure that you get a fully customized security solution that meets your specific security needs.

What’s the Future of Cybercrime?

As the threat landscape continues to evolve, so will hacker sophistication. You can expect that hackers will continue to adapt to newer technologies or innovations as they come up. For instance, as the adoption of machine learning and artificial intelligence become more universal, you can expect a shift. You should also fully expect cybercriminals to swiftly adapt and become even more organized and targeted in their approach.

Closing thoughts

As cybercrime continues to be even more organized, SMEs and all businesses at large must respond decisively. A good start is by being preemptive and calculative in your approach towards preventing, detecting and responding to these threats. Over the past decade, MSSPs have proven to be reliable allies for Canadian SMEs in the fight against cybercrime. Contact Abrisuite today to experience how our suite of solutions can help your business stay one step ahead of cybercriminals.

The risk of Ransomware attacks on lawyers and small law firms.

Is your firm safe from a Ransomware attack?

In the past few years, damaging ransomware attacks have been mounted on lawyers and law firms including Bad Rabbit, NotPetya and WannaCry. As a lawyer, you might be forced to pay an enormous amount of money to get your documents back. Subsequently, to mitigate such occurrences the pressure for businesses to keep their systems safe is fast growing.

For lawyers and law firms, the problem is not the high sums paid, but the consequences that a firm faces when it is locked out of its systems for a few days, and the loss of important clients. It is worth noting that falling a victim of such a felon activity may as well land a firm on the wrong side of the law. In 2016, the US recorded a 300-percent rise in ransomware cases and lawyers in Ontario and other parts of Canada are not safe.

Stalled Business

Imagine a case where your law firm is locked out. You will be without phones, email and all other forms of communications. Additionally, if you are locked out for a week or two, your clients will panic, and the law firm will incur huge losses. In most cases, a firm will be on a stalemate a few hours after the attack. Thus, rendering all its activities paralyzed.

Ransomware attacks take between a few seconds to a few minutes to attack thousands of computers. Since you cannot stop the attack once it has started, the only option you have is to try to keep your systems safe.

Regulatory and Legal Implications of Ransomware Attacks

If you are unlucky and your firm gets attacked by ransomware, where does that leave you from a legal and regulatory perspective?

According to PIPEDA, you are required to act in the best interest of all your clients, report all breaches in your system and share all the details of the attack. Albeit, this does not work for the best interests of your clients. According to PIPEDA, failing to take reasonable steps to keep your firm safe from a ransomware attack would be breaching the principles of risk management.

There are always confidentiality implications in ransomware attacks. The law requires that all affairs and confidentiality of clients be kept confidential unless authorized by the law or the clients give consent. You are also supposed to have systems in place to prevent attacks. If you have not put systems in place to protect your firm, you are in breach of these regulations.

Should You Pay Ransom

The law is not clear on whether you should pay the ransom. In situations when you pay such payment, and it is used by terrorists to attack people, towns or cities, you might have a problem with the law.

Should you pay? This is not a question anyone can answer. Does your firm have the resources to pay the ransom? Are you sure you will get your data back after paying the ransom? Do you have a backup where you can access your data? Are there cyber-security companies that can help you recover data?

Avoiding an Attack

The only way to stay safe from an attack is to keep your data protected and backed up. One solution is not enough, and you need a multifaceted approach.

The first step is to accept that ransomware attacks are real; they attack small, medium and even large law firms. A strike could lead to permanent damage to your files, your firm’s reputation, land you in trouble with the law and even lead to the closure of your practice.

You need to back up your data and put in place hardware and software defences. Let a professional test your systems and train your employees on cyber-security.

The cost of ransomware attacks are detrimental: hence, at Abrisuite we have identified advanced cyber café security to protect law firms of various sizes from falling victim of such cyber predators.

Get in touch with us now to get a free information security consultation.

Request an on-site consultation here!