Blogs

Insights and recommendations to help Canadian businesses fight cybercrime

In December, IBM and The Conference Board of Canada invited Canadian leaders from a cross-section of industries, technology providers, industry regulators, government, academia, small business owners, and non-governmental organizations to a leadership roundtable to get their insights on how to strengthen Canada’s digital defences. The highlights and recommendations from that discussion are captured in the Strengthening Canada’s Digital Defences – A Cybersecurity Playbook.

Cybercrime has risen to a highly lucrative business in recent years, capitalizing on the fact the digital revolution has brought the entire world within cybercriminals’ reach. Last year, data breaches cost Canadian companies CA$6.75 million per incident on average – an all-time high for Canada and a 20% increase from the previous year.

Neglecting cybersecurity can mean a significant financial hit, but its impact can be even more far-reaching. Business leaders must realize the biggest cybersecurity risk to their organizations is believing there is no risk at all.

Fortunately, we learned from The Conference Board of Canada panel discussion that cybersecurity awareness is growing in Canada, which is good news because some security implications exacerbated by the pandemic are not going away.

For example, IBM’s recently released X-Force Threat Intelligence Index, which details the biggest attack trends and threats observed over the past year, highlighted how ransomware groups recognized the fragility of global supply chains amid the pandemic and went after the organizations which pillar them – manufacturers. The report also revealed a significant rise in attacks caused by exploiting unpatched vulnerabilities in 2021.

In Canada, ransomware was most common, making up 25% of attacks, followed by business e-mail compromise (BEC) and distributed denial of service (DDoS) attacks, accounting for 17% of attacks each. Manufacturing was the top-attacked industry in Canada with 32% of incidents, followed by energy at 21% and the healthcare and the finance industries both receiving 16% of attacks.

This new Cybersecurity Playbook provides valuable insight for better understanding of the current threat landscape, as well as tangible and tactical recommendations to prevent and combat cybercrime.

Key Findings

In the face of increasingly costly and frequent cyber attacks, Canada needs to strengthen its digital defences. This is especially true for the increasingly interconnected critical infrastructure upon which our society relies.

• When it comes to cybersecurity culture and skills, organizations should make training essential, work to make education and training resonate with every employee, exercise their cyber response regularly, and explore meaning-focused hiring and retention strategies.
• Technology has a role in keeping organizations secure with automated threat prevention, detection, and resolution capabilities. Good internal audit practices and the ability to use solutions that will enable security automation are critical.
• Technology is a double-edged sword that often introduces new vulnerabilities. When updating old technologies, organizations should integrate cybersecurity into the process, rather than treat it as an afterthought. Similarly, during these updates, organizations should re-evaluate the cyber risk of their partners to keep their overall exposure in check.
• The cybersecurity ecosystem needs to continue growing and gaining strength in Canada. There is strength in numbers, both within organizations and in interorganizational networks of information sharing and collaboration. It is also important that organizations stay current with the latest and best international standards and regulations.