In our previous article, “Cybersecurity statistics: What Canadian businesses are reporting,” we took a quick look at evidence for placing apt concern on data security. We follow this up by examining how companies and their customers are adversely affected by cybercrime.
Resolving data breaches in Canada has been (and will continue to be) expensive
According to IBM’s Ponemon Institute, Canadian organizations spent the most money for direct costs among firms across the world to resolve incidents concerning compromised data in general. Direct costs — i.e., expenses for forensic expert consultations, hiring law firms, or providing victims with the means to protect their identities — averaged US$86 per compromised record.
Related article: What Canadian businesses must learn after spending $14B on cybersecurity
Indirect costs — such as those incurred by human resources to contact victims and investigate incidents, customer churn, and loss of goodwill — were the second-highest at US$116 per record.
Canadian companies spent even more on direct and indirect costs to resolve data breaches due to malicious or criminal attacks in particular — US$213 per record, which was second only to the US$258 per record that US companies paid during the same time period.
Businesses now need to be more vigilant against new cybercrime methods
Hackers are innovative fellows who are always on the lookout for easier and less risky ways to get to you and your data. Below are some of their newer and more popular schemes as of late:
Whaling
The targeting of executives who have the authority to issue budget or purchase imbursements. Here, a cybercriminal poses as an employee from a relevant department, usually by mimicking that employee’s real work email address, and asks the “whale” to send funds to an account that the criminal controls.
Taking advantage of outdated point-of-sale (POS) systems
Cybercriminals can infect old POS systems with malware that obtains customer information, disrupts business operations, changes prices, and places fraudulent orders, among other illicit activities.
Zero-day attacks
Bad IT actors are increasingly exploiting zero-day vulnerabilities, i.e., software and hardware flaws that are unknown to the manufacturers. Firms that do not implement patch management or real-time cybersecurity monitoring are especially wide open to such attacks.
Infiltration via shadow IT
Hackers infect employees’ unvetted devices with malware, which spread across company networks when device users connect to them.
Data security breaches affected tens of thousands of Canadian customers in 2018
Just in case you’ve missed important headlines for the past year and have come to think that cybersecurity breaches are not a big deal, here are some snippets that prove otherwise:
Related article: Cybersecurity statistics: What Canadian businesses are reporting
January
Bell Canada alerted some of its customers that hackers illegally accessed personal information. Names, email addresses, and account usernames of nearly 100,000 customers were accessed.
April
Hudson’s Bay Company discovered a data security issue involving customer payment card data at its North American stores.
The Halifax Regional Centre for Education closed down its enrollment system for its EXCEL program after users reported being able to see personal information of people who had finished their registration.
May
The Bank of Montreal and Canadian Imperial Bank of Commerce’s Simplii Financial online bank publicly disclosed that they were investigating reports of breaches of customer information.
- A spokesman for the Bank of Montreal stated that the accounts of fewer than 50,000 customers were hacked, though the Bank was “confident that exposures identified related to customer data have been closed off.”
- Personal and account information of approximately 40,000 Simplii clients may have been accessed by would-be perpetrators of fraud.
August
After detecting unusual login behavior with their mobile app, Air Canada sent a notice to all its 1.7 million app users to reset their passwords. It acknowledged that approximately 20,000 profiles may have been accessed by bad actors.
Cybercrime is a scourge that impedes Canadian businesses especially as of late. Give your business the best protection it deserves — contact our cybersecurity experts at XBASE Technologies today.
Like This Article?
Sign up below and once a month we'll send you a roundup of our most popular posts