Acer. CNA Insurance. National Basketball Association (NBA). University of the Highlands and Islands. Capital One. Microsoft Exchange Server. Desjardins. Jewish General Hospital.
Can you guess what these organizations have in common?
They were victims of a major cyberattack between 2020 and 2021.
What is a cyberattack?
According to the Canadian Centre for Cyber Security, a cyberattack is a malicious attempt to gain unauthorized access to a computer system with the intent to cause personal or reputational harm. Although the perpetrator may appear to be faceless, a cyberattack itself can have many faces.
Typically, cybercriminals steal personal information — such as social insurance numbers (SIN), credit card numbers, banking details, or confidential data — and use it to manipulate or exploit an individual or organization.
As companies around the world transition to remote work in response to COVID-19, the threat of an impending cyberattack becomes more palpable. With time, these attacks have not only proliferated, but grown increasingly sophisticated in design.
Case in point: ransomware. This is a form of malware used by hackers to infiltrate a system, encrypt data, and block internal access. Ransomware attacks put the company in a vulnerable position as hackers retain exclusive access to sensitive information and demand exorbitant ransom payments in exchange for its release. According to an annual report on global cybersecurity, there were a total of 304 million ransomware attacks worldwide in 2020, marking a 62 percent increase from 2019.
Cybersecurity incidents around the world
In recent years, cyberattacks have not only skyrocketed, but also cost the global economy a whopping $1 trillion. This is 50 percent higher than the rate predicted in 2018. In 2021, cybersecurity incidents rose by 40 percent around the world. During this time, the average cost of a data breach rose from $3.86 million to $4.24 million. Organizations that took the biggest hit belonged to the education/research sector (60 percent increase from 2020), followed by healthcare (55 percent increase), and government/military (40 percent increase).
Supply chain and retail have also been under strain. In 2019, these sectors faced nearly 300 attacks — mostly in the form of company-crippling ransomware — which significantly impacted supply and demand during the global pandemic. This sharpened the contrast between corporations who could dynamically visualize and monitor supply chain risks, versus those who could not.
Based on the list of major attacks that took place in the last two years, it’s clear that cybercriminals do not discriminate between industry, size, or location. This is now a global phenomenon that endangers everyone: big corporations, small-to-medium sized enterprises (SMEs), and individuals like you and me.
How does cybercrime affect individuals?
There are a multitude of ways in which an organizational security breach could jeopardize your personal life. For example, insurance companies and hospitals manage a secure archive of confidential data, including medical, financial, and employment records. This is confidential information on YOU, and it’s precisely the type of data that hackers are looking to access, so they can sell it on the black market or hold it for ransom. This is how compromised security at an organizational level puts you — the individual — at risk.
On a personal level, most of us have already, at some point, received unsolicited calls from an imposter claiming to be associated with a federal organization, such as the Canada Revenue Agency (CRA), Service Canada, or Immigration, Refugees and Citizenship Canada (IRCC). Similarly, we’ve seen a rise in the number of suspicious emails and messages that play on our heartstrings or generate a false alarm in order to steal our private information — a trend commonly known as a phishing attack.
Cybercriminals now have the resources and capability to make direct contact with the customer, which could potentially trigger financial loss, emotional grief, and a long expensive struggle to regain control of one’s life — as in the case of identity theft.
For corporations, it could take millions of dollars to regain access to their operations, security system, or frozen data. But for an individual, the risks are manifold. Depending on the situation, you could lose anything, from your house or car to your entire savings and retirement funds. Worst of all, you could be held accountable for any fraudulent activity committed under your name, including financial fraud, maxed out credit cards, and deviated down payments, just to name a few. To add insult to injury, you may have to undergo a painstaking process to prove your own identity to the authorities while the perpetrator roams free.
In some cases, this could even turn into a matter of life and death. In late 2020, for example, a patient died as a result of a hack on Düsseldorf University Hospital’s computer systems, marking the first-known fatality linked to a ransomware attack.
The cost of working from home
Since the normalization of remote work, more and more people are checking work-related emails on their personal devices, essentially taking their work with them wherever they go. Having this flexibility certainly makes your job easier, but also increases your susceptibility to a cyberattack. Consider for a moment that an estimated 94 percent of malware is delivered via email, with 90 percent of malware hidden in common office files such as PDF, Word, Excel, and Zip. Not to mention, we can now integrate almost every form of technology we own — energy control systems, personal computers, cell phones, and cars — using smart devices, which inadvertently makes our data more accessible to a potential hacker.
In addition, private networks have officially become a gateway to larger corporate networks, opening the doors to potential security breaches. Recovering from these breaches can be incredibly costly. Just ask companies in Germany that incurred around 53 billion euros ($62 billion) worth of damages from cyberattacks as they transitioned to remote work during the pandemic.
Cyberattacks: then and now
1 out of 4 Canadians fall victim to a cyberattack — and it’s easy to understand why. A growing number of people are facing economic and social hardships as a result of the pandemic, in turn making us more afraid and vulnerable. Since it’s difficult to keep up with the rapidly evolving methods employed in a cyberattack, the number of targets continues to climb.
When it comes to recovering the costs associated with company-wide ransomware attacks, insurance companies simply can’t keep up with the staggering number of claims. A 2020 report by the National Association of Insurance Commissioners (NAIC) reveals that premiums for cybersecurity grew by 29.1 percent in 2020, largely in response to escalating cyberthreats during the pandemic.
All hope isn’t lost, however.
While cybercrime continues to rear its ugly head in our personal and professional lives, individual and organizational efforts toward cybersecurity remain strong and steadfast. Through ongoing cybersecurity awareness and training, companies around the world are now educating employees on how to exercise caution, especially with work-from-home protocols currently in place. As a matter of fact, Quebec recently established the Ministère de la Cybersécurité et du Numérique (Ministry of Cybersecurity and Digital) to highlight the importance of cybersecurity and the government’s role in advancing it.
Cybersecurity and innovation
According to tech giant IBM, cybersecurity is “the practice of protecting critical systems and sensitive information from digital attacks.” This means adhering to strict security protocols across the organization, and using a layered defense approach when it comes to technical elements as critical infrastructure, software and devices, network, cloud, Internet of Things (IoT), etc.
For these elements to work effectively, however, it’s imperative that companies take pre-emptive measures to protect their weakest link — their employees — by training them on a regular basis and routinely backing up data. Preventive education is integral to the success of any cybersecurity strategy, as it teaches companies how to identify and prevent various forms of attack — especially corporate infrastructure relying on virtual private networks (VPNs) — and introduces new ways to amp up security on personal devices, such as setting up multi-factor authentication and biometric fingerprint reading, and practicing good password hygiene.
This is also where innovation comes into play.
Since cybercriminals are notoriously quick and agile in adapting their tactics, it’s incumbent upon companies to practice vigilance, innovate, and stay ahead of the curve. This means obtaining cybersecurity certifications where needed to avert potential attacks, and staying abreast of new developments in the cybersecurity realm.
Keep an eye on emerging technologies today and learn how innovation can aid in protecting and sustaining your operations tomorrow. Is your organization equipped for next-generation firewalls? Do you know how artificial intelligence (AI) can help you achieve your security goals down the line? What will you do to ensure data security when quantum computing becomes a commercial reality? These are but a few questions that can allow you to think big and plan ahead.
Safety first
Ultimately, the most effective way to protect yourself is to raise cybersecurity awareness, ensure that employees understand the gravity and repercussions of a real cyberattack, and mitigate internal risks by cultivating a strong security culture rooted in education and training. In other words, look at this as an opportunity to think outside the box and redefine security as a collective practice no longer confined to your IT department.
Remember: when an organization is attacked, it’s individuals like us who bear the brunt. During these unprecedented times, no country, institution, organization, or person is immune to a pervasive digital attack. And that’s exactly why cybersecurity is now part of a global economic, social, and political conversation.
