Cyber threats are more abundant than ever
By Theo van Wyk, head of solutions development & cybersecurity, CDW CanadaInnovation & Technology Operations Electronics cybersecurity security
Here’s how you can help your organization prepare
Cybersecurity has become a critically important consideration for every organization, as our data – both personal and professional – has never been more valuable and bad actors have never been more sophisticated. The pandemic compounded this evolving issue, as employees were quickly transitioned to working from home, subsequently and greatly expanding our personal and professional surface attack areas.
The past month of October was Cybersecurity Awareness Month in Canada, providing an opportunity for organizations to look at the real and perceived cyber threats they face and where vulnerabilities lie. From financial losses to a loss of customer confidence, the consequences of a hack can be far-reaching, severe and permanent. As such, it’s important to remember that there is no such thing as an organization being too big or too small for bad actors and robust cybersecurity hygiene should be a regular core practice for organizations and good ‘digital citizens.’
A recent survey from CDW Canada examined working Canadians’ perceptions of the cyber threats they face in their daily lives. From an organizational perspective, the results are both concerning and contradictory. While the majority of respondent say they take computer and network security seriously (95 percent and 93 percent respectively), 28 percent of respondents share their computer password with a few people while 38 percent do the same for their network. With work and personal lives and networks becoming increasingly intertwined, it’s critical that employees recognize the dangers lurking online and take the necessary steps to address these vulnerabilities. It’s equally important, however, for organizations to provide the requisite education to their employees rather than merely assuming they will take the appropriate precautions.
To help Canadian organizations stay on top of their cybersecurity efforts, here is a list of common ways organizations can prevent from becoming the next cybersecurity victim.
Keep your network secure
Network security is an extremely important step to take in cyber defence. The traditional work network has been expanded outside of an organization’s walls with employees working from home. Without the proper safeguards in place, organizations are risking confidential and proprietary information being improperly accessed.
One common vulnerability organizations face with a remote workforce is that home routers are typically less secure that those in traditional workplaces. Bad actors won’t hesitate to take advantage of the new opportunities present as a result of the pandemic and they are more than prepared to access a device connected to a weak network if given the chance. In fact, many bad actors have automated their approach, meaning they can attempt to access thousands of networks simultaneously. In order for companies to protect themselves from these potential threats, they need to ensure their employees are connected to secure networks and not on public or weak Wi-Fi without using a VPN. Measures such as using separate networks for business and personal devices are great for adding security. A recent CDW survey of IT professionals found that 23% of responding organizations adopted new endpoint security solutions to secure their network in the current environment.
Leverage available technology to support your cybersecurity initiatives
Another threat that businesses face today are cyber-attacks in the form of malware, phishing and whaling. Malware refers to a wide array of cyber threats including viruses, ransomware and spyware. Bad actors use malware to gain unauthorized access to a device or network. Once there, they can manipulate and steal information or cause extensive damage to any device. Phishing scams can be found in the form of advertisements, emails and text messages which are used by scammers to trick people into giving them their personal information, while whaling is similar to phishing but targets an organization’s executive members. These cyber criminals typically impersonate legitimate organizations and provide links to online forms that ask users for their private information. This can include anything from usernames and passwords, credit card numbers, account numbers and other valuable information. Phishing scams have become much more sophisticated over the years and can easily trick someone into providing their information. Among working Canadians, these are among their concerns as 58% worry about malware, 52% worry about phishing and 40% worry about ransomware while only 7% are concerned about whaling.
The cyber threats facing today’s organizations have become too fast and complex for people to handle alone. According to CDW Canada’s 2020 Cybersecurity Study, artificial intelligence (AI) and machine learning (ML) are being leveraged by organizations to support their cybersecurity initiatives. These relatively new technologies improve pattern recognition and are being used by analysts to improve and streamline their daily tasks. This study found that over one third (37%) of respondents are leveraging AI and/or ML in their fight against cyber threats. Furthermore, 75% of respondents said they significantly improve cybersecurity effectiveness. There are, however, two third of respondents (66%) who indicated consumption of the basic AI/ML findings were difficult to understand, indicating that more training needs to be done to fully realize the technologies potential.
Exercise caution with third-party suppliers
In today’s age of globalization, most organizations are working with third-party suppliers and vendors. Some may be in the same city, while others could be on an entirely different continent. Although your organization could take cybersecurity seriously and have proper protocols in place, can you guarantee your suppliers do? CDW’s study found that over three quarters (82%) of respondents noted they experienced a cybersecurity incident due to the poor cyber hygiene of a third-party. Even more concerning is that two in five respondents (37%) noted their organization provides third-party suppliers with access to customer data.
To prevent a third-party breach from impacting your organization’s reputation or operations, one step you can take is an Identity Access Management (IAM) process to ensure that vendors who require access to systems and data can be authenticated and granularly identified. Most importantly, you should also establish a comprehensive understanding of what data and systems your vendors are accessing and ensure individuals can only see what they need.
Look at cybersecurity providers as an extension of your team
Gaining an expert perspective to help you assess your risks and if necessary, help you protect your data can make all the difference if your organization is targeted. There are a number of technology solution providers for Canadian organizations, but not all are created equal. Understanding your needs and undergoing due diligence checks to find providers that suit your unique needs is essential. When looking for partners to work with, ensure they have the requisite experience that is relevant to your organization’s unique needs and most importantly, that you’ll have access to a dedicated team that care as much about your organization as you do.
Regardless of your organization’s sector or its size, you are at risk of drawing unwanted attention from hackers. To learn more about the threats facing your organization and the steps you can take to prevent them.