The alarm bells went off just as our conversation about cybersecurity started.
And just as Cybersecurity Month (an internationally recognized campaign held every October to inform us all about the importance of cybersecurity) got underway.
The latest reports about cybersecurity are deeply disturbing: Forty-four per cent of Canadian organizations say they suffered a cyber attack in the last 12 months. More than a quarter of them reported it hurt their organization’s reputation and cost them customers.
Cybercrime is affecting public and private organizations, large and small. It’s impacting business relationships up and down the supply chain, from makers to market. And it’s costing us trillions of dollars every year!
So, yes, alarms should be ringing.
But in our case, the bells signalled a possible fire situation. A clear reminder that physical security is as important as cybersecurity.
But there was also a reminder that we know, almost automatically, what to do in case of fire. We’ve been trained over the years in good fire behaviour; it’s a good habit to have.
The folks at CIRA, whose responsibility is cyber not fire safety, want us to have good cybersecurity habits, too. We should use 2FA (two-factor authentication). We should be up-to-date with our software. We should delete suspicious emails. We should know what social engineering is, how it’s used and how to avoid or counteract it.
CIRA is the Canadian Internet Registration Authority, the Ottawa-based IT services organization manages Canada’s Internet domain name registry (well over three million registered).
But CIRA also works to build a safer and more secure online environment through a multi-faceted approach that includes cybersecurity consultation and advice, both to users and policymakers; cyber education and awareness training for companies and individuals; and a suite of cybersecurity tools and services, including the free CIRA Canadian Shield app for individuals and households, and the CIRA DNS Firewall and Anycast DNS cloud-based security solutions used by businesses and organizations.
“[O]rganizations are waking up to the liabilities and risks they face. Customers demand businesses safeguard their data and organizations want to ensure that those they work with have proper cybersecurity measures in place,” Jon Ferguson, Vice President, Cybersecurity & DNS, CIRA, said while citing results from CIRA’s annual Cybersecurity Survey.
It’s not just special or high-value targets that face those liabilities, he says. “Everybody is at risk if you connect to a network.”
The CIRA survey shows that cyber crime is driving customers away from impacted Canadian businesses – reports about reputational damage to organizations due to cyber attacks have quadrupled in recent years.
Canadian businesses are not just losing money, they’re losing data, customers, operational capability and years of growth potential because of cyber attacks.
Ferguson knows that, without widespread adoption of good cybersecurity behaviours across the board, Canadians pay the price. Among those companies that experienced a ransomware attack, some four out of five opted to pay (in hopes of recovering stolen data), shelling out anywhere from $25,000 to $100,000 each.
There are additional costs, the CIRA survey pointed out: two out of ten businesses impacted by a cyber attack experienced direct costs, like loss of revenue, or IT system repair and recovery costs. Almost three quarters of those impacted say it took almost a month to get their systems back up and running as before, with a corresponding loss of business productivity.
Meanwhile, the increasing volume of cyber incidents in 2024 has led more organizations to seek what they think is a form of protection: cybersecurity insurance. More than eight in 10 organizations have cybersecurity insurance coverage, up from 59 per cent in 2021.
But leading insurance providers are implementing more restrictive measures considering the volume of cyber incidents and amounts of ransomware pay-outs; most organizations with a policy said their provider changed the coverage, be that a change in the verification of client security measures, a change in eligibility criteria for obtaining/renewing coverage, reduced reimbursement amounts for ransomware attacks, and of course, increased premiums.
In light of these alarming developments (and others cited in its survey and report), CIRA continues to develop new cybersecurity technologies and services while turning a spotlight on the weak link in the chain: us.
“Humans are creatures of habit,” Ferguson underscores. “So we’re trying to form good cyber habits.” Through education, for one. Cyber awareness is key, and much like learning to get a driver’s licence or studying for WHMIS workplace health and safety certification, there should be cyber training standards, refreshers and sanctioned tests. (CIRA offers its Cybersecurity Awareness Training with integrated courseware and a simulation platform.)
Of course, regulation is important and CIRA provides advice and consultation to policymakers and government officials about cyber surveillance and security baseline standards, as well as new rules, regulations and legislated enactments such as Canada’s cybersecurity Bill C-26, now in the Senate.
Implementation – acting out our good habits – means using existing tools and technologies to fight cybercrime. Two-factor authentication for all logins is again mentioned.
“This is cyber month, and in the presence of nothing else, that’s great. We say ‘keep repeating it’ throughout the year. Until it becomes habit.”
Hoping to get us all hooked, CIRA gives away some good stuff for free.
CIRA Canadian Shield is a free cybersecurity service that boosts online privacy by anonymizing DNS queries (generated when we type a website address or click on a link to reach a certain site, the Shield checks if the site is safe). The made-in-Canada software helps block viruses, ransomware and other malware. Just in the past year, CIRA has added a new browser extension or plug-in to make online safety even easier, as the add-on brings added online protection without any technical skills or set-up required.
CIRA DNS Firewall is a cloud-based cybersecurity solution that protects organizations from malware, ransomware, phishing and other cyber attacks. Customers value the extra defence it provides to their existing technologies, staff and customers. CIRA says it protects more than seven million people in hospitals, schools, universities and businesses using the service, blocking an average of 45 million malicious queries per month last fiscal year.
CIRA stretches its good cyber security habits throughout the year; in just one other example of extending Cyber Month 2024, there’s a five-week cybersafety campaign rolling out now from the government providing lots of information about cybersecurity, how to identify our online strengths and weaknesses, how to implement best cyber practices and how to maintain them.
Like a good habit.
# # #
-30-