“While 68 per cent of Canadian businesses surveyed say they are considering implementing data governance processes, many have not put these plans into place yet,” says Steve Small, Director of Sales, Blair Technology Solutions.
He says many organizations don’t fully consider the short-term and long-term impacts of a breach. “They often do not realize all the financial, reputational and operational implications.”
Addressing the cybersecurity challenge isn’t just up to IT, explains Roger Ouellet, Director of Security Practice at NOVIPRO (Blair's sister company).
“Cybersecurity is a business decision, but the problem is that most often there’s not enough management involvement from all of the departments,” he says.
Buy-in and collaboration are critical
What helps an organization bolster its defences? Buy-in and collaboration from all areas of the business, from marketing to finance to human resources, working in conjunction with IT.
“When we do a business impact analysis we always talk to each unit, trying to understand their need. What do they need to secure and where can it fail? From that, we map it to IT,” says Mr. Ouellet.
In the IT Trends Report, 91 per cent of respondents indicated confidence in their IT teams when it comes to security. Yet, the report noted that “respondents should perhaps not be so confident in their preparedness given overall lack of investment in cybersecurity training, solutions and insurance.”
The survey found that 21 per cent of respondents reported that their company had been the victim of a cyber threat. That may be low, states the report, as companies are likely to under-report attacks due to the reputational risk, or may not even be aware of breaches that can go undetected for extended periods.
This highlights the fact that cyberattacks can come from all corners. The IBM X-Force Threat Intelligence Index 2024 reports that “Cybercriminals are increasingly logging in rather than hacking into networks through valid accounts.” Last year, that became the most common entry point into victims’ environments.
“Cybercriminals are exploiting pilfered login details, emails and other personally identifiable information to gain unauthorized access to confidential data, and exploiting generative AI to fabricate convincing fake identities to mislead unsuspecting victims,” says Chris Sicard, IBM Canada’s Security Consulting & Delivery Leader.
He notes that AI is also playing a pivotal role in combatting cybercrime. “By harnessing AI-driven solutions, both individuals and organizations can fortify their cybersecurity measures and safeguard sensitive information from cybercriminals intent on data theft.”
Trusted employees still need training
With cybercriminals unlocking precious data instead of breaking in, “You need to make sure your people know how to lock the door,” says Mr. Ouellet.
According to IT Trends, 91 per cent of Canadian companies trust their IT teams when it comes to security, but as IBM X-Force shows, cybercriminals often circumvent these defences by using legitimate accounts to gain access. Businesses should therefore ask: are all employees trained to keep the business safe?
Mr. Ouellet suggests using a zero-trust network access system, which requires authentication for any remote access by employees.
Employees are also a massive gateway to a company’s most sensitive material. NOVIPRO Group’s IT Trends report found that 40 per cent of cyber threats are the result of malicious internal resources.
“There’s a misconception that threats are only posed by outsiders operating through ransomware, phishing or spear-phishing attacks,” says Mr. Small. “It is critical to train and monitor employees with access to sensitive data, and implement rigorous security measures to protect this data.”
Practice the plan
Beyond the steps to protect data and train employees, what makes for a best practices strategy? Organizations need to run through scenarios regularly to ensure everyone knows what to do before, during and after an attack.
“You need incident response planning. It’s not enough to have the plan, you need to practice the plan and keep track of the lessons learned after every practice run,” says Mr. Ouellet.
In today’s digital world, threats are continually evolving, meaning companies need to take enhanced measures to keep up, including developing a Business Continuity Plan (BCP). Blair has created a resource that outlines the steps needed to put together an effective BCP.
Investing sufficient time and money into combatting cyberattacks should be a priority for any organization of any type and any size, says Mr. Ouellet.
While the IBM report notes a big increase in attacks on industrial targets, with manufacturing leading the way, anyone can be vulnerable.
“Stop believing that because you’re smaller that it’s not going to happen,” says Mr. Ouellet. “It will happen – it’s just a matter of when.”