Cybersecurity is an issue, not a priority
Canadian biz in the dark on what to do about vulnerabilities.
We all know cyberattacks are an issue in today’s interconnected world, and it isn’t strictly a concern of large firms.
A recent PwC survey of Canadian private companies found that 88% of them agreed or strongly agreed that cybersecurity is important. But most are more in the dark about what they need to do, where their vulnerabilities lie and what to do about them.
Just because a company does not accept credit card payments or store personal information does not mean it will be immune to a cyberattack. Attacks also target health information, SINs and employee lists, as information brokers in the black market place increased value on personal data.
There are legal implications for a company that is used to gain access to information from another company. Companies need a well thought-out cybersecurity and privacy strategy, along with the right skills and resources to implement it to thrive in today’s rapidly changing risk environment.
Protect your business
The cost to a hacked business may be measured by loss of customers, lawsuit payouts, interruption to business or reputational damage. PwC says protecting against cyberattacks needs to be seen as a business imperative, not discretionary spending.
“Investing in cybersecurity will pale in comparison to the costs associated with being in the middle of a large scale breach,” said David Craig, leader of PwC’s risk assurance services cybersecurity and privacy practice.
Companies do not need to invest in off-the-shelf packages, but should instead consider customized and scalable options that address specific vulnerabilities and the protection of critical information.
PwC suggests taking the following steps:
- Understand your cyber ecosystem and where blind spots exist.
- Identify your most valuable data and who has access to it.
- Train employees as a first line of defence.
- Implement suitable controls over the most sensitive data from the most likely means of compromise.
- Have protocols in place that identify responsible parties in the event of a breach.
These steps are important to protect operations in Canada, but it may also be necessary to prove the right protocols are in place to do business with companies in the US. And it’s certainly necessary for a company looking to grow its business in international markets.