Cybersecurity Best Practices for Small Businesses

How can your company protect and defend against cyber threats

The Government of Canada introduced Bill C-26 on June 14, 2022. Under this bill, the government seeks to enact the Critical Cyber Systems Protection Act (“CCSPA”). The CCSPA is comprehensive legislation addressing the “longstanding gaps in the government’s ability to protect the vital services and systems Canadians depend on.”

Once the bill is passed, the government will have the power to designate services and servers critical to the nation’s national security and public safety. In addition, the CCSPA will designate cyberservice and security operators to establish a cybersecurity program that will immediately report cybersecurity incidents and maintain compliance records.

The bill is undoubtedly a timely measure, but what premises prompted the government to take this action?

Why You Should be Concerned about Cybersecurity

Statistics Canada reported that 21 percent of Canadian businesses were affected by cyber breach incidents in 2019 and spent $7 billion on data prevention, detection and recovery.

According to a recent survey, 55 percent of last year’s cyberattacks in Canada were ransomware. A Sophos report also found that 46% of organizations with data encrypted in a ransomware attack paid the ransom. The average ransom reached $812,360, with some companies paying up to $1 million. Although these figures were from a global survey, not limited to Canadian organizations, the impact of a cyberattack on an SME in Canada can be severe.

Along with ransom demands, businesses also face other cybersecurity attacks with unknown motives. More than an IT issue, these attacks should be considered an enterprise risk as attackers can steal personal or financial information, which impacts businesses.

The 2021 Security Study by CDW Canada found a decrease in cyberattacks compared to 2020.

However, the average cost per organization of responding to and recovering from an attack has increased. Comparitech, citing Canada Cyber Security and Cyber Canada, reports that organizations increased their IT budgets by 4.7% in 2020, installing anti-malware software, email security, and network security to protect their information and communication technologies.

Small businesses can be particularly vulnerable to a cyberattack as they often lack dedicated cybersecurity teams to implement security policies and solutions. Cyberattacks should not be ignored or left for regular employees to handle, as the impact of an attack on small businesses can be severe. A small business often cannot afford to pay the huge ransom demanded by the hackers, and the costs to recover from an attack can also be quite steep. It is not just the monetary loss that should be considered in the event of a data breach. The loss of customer trust over the lack of protection of their sensitive information can also negatively impact a business.

Security measures should be taken regardless of the size of the company. A large company can more easily cover the ransom and/or recovery costs, but for a small business, a cyberattack can potentially lead to the end of their enterprise.

7 Steps to Help Prevent Cyberattacks

It is impossible to be completely safe from cyber threats in the digital age. Still, taking the necessary precautions to limit the risk and minimize the damage in the event of a breach is critical. Therefore, each small business should ensure a cybersecurity plan is in place to reduce the intensity of damage to their data and information.

Partnering with organizations like CDW will help SMBs develop security plans to identify the best solutions for their business according to their budget. In addition, such organizations can offer cybersecurity experts to help small businesses implement protective solutions. With the assistance of CDW, small businesses can take these seven preventive measures against cyberattacks.

01 – Employee Training

Falling for a fraudulent situation and giving up log-in information is often the first pitfall in a cyberattack, and it can happen to any employee.

Hence, employee training is at the core of an organization's defence against cyberattacks. Educate your employees on how to spot phishing emails so that they stay alert.

02 – Implement a Zero-Trust Policy

By implementing zero-trust architecture as a security solution, users and devices will be required to prove their identities and trustworthiness before accessing the network.

It follows the principle of continuous verification, wherein a user’s access is verified every time, for every resource.

03 – Secure Mobile Devices

Mobile devices can be safeguarded by using endpoint security tools and mobile management solutions to protect the device from attacks and control access to these devices.

04 – Secure Websites and Applications

Hackers can disrupt the network through DDoS attacks, HTTP floods, SQL injections, or cross-site scripting.

To prevent such situations, applications should be protected using processes and tools such as next-generation firewalls (NGFWs) and following code compliance.

05 – Configure Devices Securely

Default passwords should be changed.

Insecure default device settings should be reviewed and disabled, including any functionality that is not being used.

It is recommended to adopt secure product configuration baselines such as the CIS (Center for Internet Security) Benchmarks.

06 – Backup and Encrypt Data

The backup and recovery process is the final line of defence for organizations against cyberattacks and ransomware.

Hence, it is crucial to have a unified, modern data backup and recovery solution that enables rapid recovery during a cyberattack.

07 – Network and Perimeter Security

Installing NGFWs creates a perimeter boundary between an organization’s intranet and the external or public-facing internet. This reduces the risk of vulnerabilities and improper device/security policies being exploited by cyber attackers.

For small businesses, for whom cyberattacks can be difficult to recover from, a suitable cybersecurity plan that meets their requirements and budget is important.

CDW Canada can assist SMBs by creating custom security plans and solutions based on their requirements, budget, business vertical, and current cybersecurity setup, and by implementing those solutions according to the industry’s best practices.

CDW partners with leading cybersecurity firms like Sophos to provide advanced endpoint protection and next-generation network security.

Sophos can protect the entire business with a single management console. In addition, the data will be protected from the latest and even unknown threats with the help of Sophos Adaptive Security, which utilizes automation and human operators to learn and improve Sophos hardware and software systems continuously.

To learn more about CDW’s cybersecurity solutions, please visit
