Canadian companies are being exposed to hundreds of cyber-attack methods every day. Some of the biggest recent attacks in Canada have hit Sick Kids Hospital in Toronto, the Ontario Secondary School Teachers Federation, the University of Windsor, and Northern Credit Union, but attackers are not just looking for larger organizations. Small and medium-sized organizations (SMOs) are also being targeted.
Cyber Attacks Come in From Many Open Doors
Spear phishing is a common method: a targeted email fools a person into unknowingly installing malware, which lets the attacker break into the network or install ransomware that encrypts and locks down the network. Business Email Compromise, or BEC, is another method, in which threat actors use a targeted email to persuade a person to reveal passwords, send money or provide something of value. Another common method is to scan a website, web server or web application from the Internet, find bad code or a misconfiguration, and exploit the error to break into the network. The attacker then finds valuable data, makes a copy and transmits it out, and while doing this installs ransomware for a double bounty.
The story often goes something like this:
John is an IT staff member at a small Canadian manufacturer. While on the phone helping a manager reset his password, he is multitasking and sees an email from Antoinette, his boss, marked “Urgent!” and asking John to check out a link where a hacker claims to have published the manufacturer’s data.
John clicks the link in order to be responsive to his boss, and his screen goes dark. He hangs up, and tries to move his mouse, but the screen remains dark. He calls Antoinette and tells her what happened, and she interrupts him and says she never sent him any such email.
Then the phones in the IT department start ringing, with staff all over the company reporting that their screens are going dark. Unfortunately, it is too late: ransomware is in and data has been exported.
Soon a ransom note will appear on the screens demanding several million dollars to unlock the network and to keep the threat actors from selling the data on the dark web or leaking it on the Internet.
Here is another common story:
Mary is the owner of a small construction services company that also provides sub-contracting to a large construction company. She recently outsourced her IT and also the development of a new website to third parties.
She logs on to the new website and notices how slow it is. She calls her IT provider to check it out. Several hours later, the IT provider says it is because there is unusual activity on the website and they are looking into it. Mary is getting nervous. An hour later the IT provider says it looks like a threat actor broke into the network through a hole in the new website and transmitted data out.
Mary is upset and demands to know how this could happen. The IT provider says they don’t know for sure and will need to investigate further. Now the questions start flying around. How could this happen? Who is responsible? What was stolen? Who is impacted? Customers, the large construction company, employees?
What should be done now?
Unfortunately, the reality today is that the 1.2 million small and medium organizations (SMOs) in Canada are a target of threat actors and are vulnerable.
Fortunately, a quick and affordable national cyber security standard known as CAN/CIOSC 104, Baseline Cyber Security Controls for SMOs, is now available.
“Canada has taken a leadership role when it comes to protecting SMOs,” says Sai Huda, chairman, CEO and founder of CyberCatch Canada. “This new national standard, if implemented, will dramatically reduce the possibility of a crippling cyber-attack.”
In 2022, Huda co-authored and curated the CAN/CIOSC 104 Standard on behalf of the CIO Strategy Council, the body authorized to create national standards.
Keith Jansa, Executive Director of the CIO Strategy Council, explains, “SMOs have limited resources and generally don’t know what cybersecurity controls to implement or how to implement in order to be secure from cyber threats. We are pleased to have published CAN/CIOSC 104 in collaboration with Standards Council of Canada and Ministry of Innovation, Science and Economic Development (ISED). The national standard is specifically tailored for SMOs and prescribes up to 55 cybersecurity controls to mitigate cyber risk while operating successfully in the digital world.”
CyberCatch’s Compliance Manager
CyberCatch’s CAN/CIOSC 104 Compliance Manager is a state-of-the-art cybersecurity SaaS solution for SMOs that allows them to quickly and easily comply with the national cyber security standard and stay safe from cyber threats. The solution includes a toolset to implement the necessary cyber security controls with the help of a team of industry-leading cyber security experts. It also provides training to all employees while automatically and continuously testing controls to ensure there are no security holes for attackers to exploit.
“The cloud-native platform solution makes it easy and inexpensive for SMOs to comply with CAN/CIOSC 104 and maintain compliance and security. Also, a team of industry-leading cybersecurity experts guides the SMOs to success,” says Huda. “SMOs in Canada are definitely vulnerable. For example, the Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR) revealed that 84% of SMOs in Canada have vulnerabilities on their websites and can easily be attacked digitally. Our mission is to protect SMOs from cyber threats so they can be safe, thrive digitally, and grow the economy.”