Canada is in the midst of a cybersecurity culture shift. Decision-makers who improve their network protections will separate themselves from vulnerable outfits.
Given the number of cybersecurity applications available, it may be difficult to fathom that upwards of 20 percent of all Canadian businesses suffer breaches annually. Making matters even worse, approximately 28 million residents are similarly impacted, according to the Office of the Privacy Commissioner of Canada (OPC). If those stats tell us anything, it’s that Canada sorely lags in terms of cybersecurity.
The seriousness of Canada’s lacking cyber-defense has many industry leaders concerned that their organization may be vulnerable. Corporate decision-makers are wise to be fearful that simple missteps in information management can leave them exposed. A recent article in IT World Canada highlights how cybercriminals can ferret out bits of data strewn about on platforms such a GitHub and use that to penetrate a business network.
According to the IT World Canada report, security researcher Jason Coulls uncovered a pair of open accounts on GitHub. One was so outdated that it would be of virtually no use to a hacker. But the second could be another story.
“It has device identifier, customer’s phone number, how much they paid for it, how much Rogers paid in subsidies, what is on their plan. By most definitions, that is a breach. It’s not a big one, but it’s a breach,” Coulls reportedly said.
Regardless of whether a nefarious individual discovered and leveraged the data remains beside the point. What’s essential to take away from reports such as this is that too many Canadian businesses are, basically, low-hanging fruit ready to be plucked. The question for industry leaders is: What can you do to prevent a breach?
In many ways, the GitHub incident demonstrates the extreme vulnerability of Canadian organizations. In that case, source code had been randomly left unprotected on a platform. That particular security researcher apparently scours that and other platforms for banking data and has found some. That’s a frightening reality to everyday people who could have their personal and financial histories put at risk.
If you have valuable data on your company’s network or have worked with outside developers, it’s in your best interest to bring in a third-party cybersecurity consultant. Consider having an impartial review of your network, cybersecurity protocols, and discuss next steps strategies for enhanced cybersecurity measures. These may include the following.
Heightened awareness about Canadian hacks has only recently begun to gain media traction. That’s largely because the Canadian government did not require organizations to report threats that “pose a real risk of significant harm to individuals” until 2018.
“Since reporting became mandatory, we’ve seen the number of data breach reports skyrocket,” the OPC reportedly stated. “Some of those reports have involved well-known corporate names, but we have also seen significant volumes coming from small- and medium-sized businesses.”
There’s little doubt that Canada is experiencing a culture shift due to the increased awareness about imperiled corporate data. In the coming months, companies that improve their cybersecurity positions will separate themselves from those who are at-risk. Or, shall we say, the low-hanging fruit.
If you are responsible for the safety and security of valuable company and customer data, the experienced professionals at Fuelled Network are prepared to conduct a full review of your operation and work diligently with you to implement a top-tier cybersecurity strategy. Call one of our experts at 613-828-1280 for a consultation.