According to cybersecurity experts, Canadian companies are often lax or unprepared when it comes to safeguarding sensitive information. The most common reason for this is that they’re unable to keep up with the fast-changing field of cybersecurity. While new threats come and go, every new technology increases the number of attack opportunities and introduces new challenges into the mix.
A recent study by Fico found that 84% of Canadian executives believed their organizations were well equipped to deal with scams and cyberthreats. Despite these lofty claims, attacks are on the rise and relatively few companies can actually prove how efficient they really are at mitigating threats. In other words, if you can’t gauge how vulnerable you are, then you’re likely to be targeted.
Let’s look at some of the most common attacks facing Canadian businesses:
Denial-of-service (DoS) Attacks
Denial-of-service attacks are commonly orchestrated against businesses by ruthless competitors, hacktivists, or IT-savvy opportunists overseas. They’re typically intended to cause disruption by overloading a target server with requests until it slows down or even stops functioning altogether.
The best way to mitigate DoS attacks is to enable specialized protection on all web-accessible servers. This is typically achieved by limiting certain network traffic or simply by limiting requests from tools like captchas or IP loggers. However, because attacks are often distributed, with traffic coming from multiple sources, businesses often need to blacklist thousands of internet addresses.
Back in September, the town of Midland, Ontario, was forced to pay a ransom of an unspecified amount to regain access to a wide range of services where critical data had been encrypted by ransomware. And according to recent research, 2017 saw a 2,502% growth in the ransomware dark web economy. It also found over 6,300 places where cybercriminals had advertised ransomware services using 45,000 ads.
Like most malicious software, ransomware typically spreads through phishing scams and vulnerable operating systems that haven’t received critical security updates. Keeping your computer systems up to date should protect you from most attacks. However, there’s no substitute for staff training, especially since most infections begin with human error.
Advanced persistent threats (APT)
Although hackers and scammers often rely on targeting huge numbers of would-be victims through spam email and instant messaging, others take a stealthier, more targeted approach. APT attacks are some of the most dangerous threats because they usually dedicate months to just a few businesses.
Due to the complexity of APT attacks, having multiple layers of security is critical for mitigating them. At the very least, you’ll need round-the-clock monitoring and intrusion detection and prevention. You’ll also need regular network audits to uncover and patch any potential vulnerabilities. Penetration testing will also help you better understand the various cyberattack strategies cybercriminals are most likely to use.
Spear phishing attacks
Phishing scams rely on exploiting human ignorance to dupe unsuspecting victims into clicking on seemingly harmless links that lead to malicious sites or software. Rather than relying on vulnerabilities in IT systems, scammers target specific employees and use personal information to trick them into trusting fraudulent emails. This is known as spear-phishing.
Company executives need to understand that no one, least of all themselves, are immune from spear phishing scams carried out by criminals masquerading as their friends or colleagues. In fact, most scams are launched against high-ranking staff, since they’re the ones with access to the highest-value information. It’s this unfortunate fact that proves no one should be excluded from ongoing security awareness training, regardless of their rank in the organization.