Cybersecurity: How to identify and address the threats

computer with lock
Farooq Naiyer, CISO for eight of ORION's community, explains what you can do to reduce the threat of cybercrimes.

At a time when cybercrime is growing fast and causing more serious damage than ever, it’s increasingly important to pay attention to online security.

 

Each year, more individuals and organizations suffer malicious software attacks on their computer networks. More schools, companies and governments have large sums of money and confidential data stolen by hackers. In August, MacEwan University in Edmonton was defrauded of $11.8 million in an email phishing scam. Such attacks are soaring – 1.4 million phishing websites are created every month. With the use of web-enabled technologies and services continuing to rapidly increase, such attacks will only proliferate. By 2021, global cybercrime is expected to reach $6 trillion in costs related to data loss, stolen money, lost productivity and reputational harm.

 

Public Safety Canada takes various approaches to keeping Canadians safe online, including participating each October in Cyber Security Awareness Month, an international campaign to raise public awareness of digital security. Cybersecurity is also a key priority for ORION. As the shared chief information security officer for eight Ontario post-secondary schools, I help with establishing security frameworks that can address current information privacy and cybersecurity challenges.

 

Among the schools I support is Brock University, which is running cybersecurity workshops this month. Today, I gave the keynote address at Brock about common cybersecurity threats and effective solutions:

 

  • Identity theft affects millions of people each year. Recently, we learned Equifax suffered a major data breach that exposed the personal information of 143 million Americans and 100,000 Canadians. Such incidents increase the odds of people experiencing identity fraud.
  • Phishing emails try to fool us into giving out personal information such as passwords, bank account numbers and credit card numbers
  • Spear phishing refers to fraudulent emails aiming to access sensitive data in a targeted organization’s network by tricking someone into clicking on a malicious embedded link.
  • Whaling, another form of phishing, involves con emails aimed at high-level businesspeople aiming to steal valuable information. Masquerading as official business emails, they try to lure executives to click on malware links by pretending important business is at stake.
  • Ransomware attacks is where the victim’s private data may be published or blocked until a ransom is paid.

 

The good news is that organizations can do a lot to prevent cyberattacks:

 

Raise awareness: In 95% of security incidents, human error is involved. Educate your employees on how email scams work and what to do if encounter one, so they don’t fall into their trap.

 

Invest in security: A robust security software solution that monitors networks for potential viruses is critical to protecting your computer network.

 

Look for weaknesses: Conduct regular vulnerability assessments that include simulated cyberattacks to uncover any security weaknesses in your computer network.

 

Adopt a “clean desk policy”: When employees leave their stations, they should store their private documents in a locked cabinet and lock down their computers.

 

The cyber threat landscape is constantly changing, and cybercriminals are becoming increasingly sophisticated. With the stakes so high, it’s critical to leverage effective cybersecurity strategies in order to protect what matters to our organizations. You can find more information on cybersecurity as well as useful tips, tools and resources in the Government of Canada’s Cyber Security Awareness Month Toolkit.