Connect with us

Technology

Companies must focus on managing cyber attacks, not eliminating them

Published

on

Companies trying to stay ahead of the increasing threat of cyberattacks need to be cognizant of one simple fact: there is no perfect antidote or turnkey solution against criminals bent on breaching their systems. (Photo by WOCinTech Chat/Flickr, CC BY 2.0)

Companies trying to stay ahead of the increasing threat of cyberattacks need to be cognizant of one simple fact: there is no perfect antidote or turnkey solution against criminals bent on breaching their systems. (Photo by WOCinTech Chat/Flickr, CC BY 2.0)

TORONTO — Companies trying to stay ahead of the increasing threat of cyberattacks need to be cognizant of one simple fact: there is no perfect antidote or turnkey solution against criminals bent on breaching their systems.

“Everyone is hacking into everything,” said Benoit Dupont, professor of criminology at the University of Montreal and the Canada Research Chair in Cybersecurity.

“Even the most secure, aware organizations like the top intelligence agencies in the world get hacked,” he said, pointing to a report in the New York Times last month that the cyberweapons developed by the National Security Agency to spy on other countries are now being used against it, thanks to a leak.

The number of Canadian businesses experiencing losses of $1-million or more rose to seven per cent from just one per cent two years ago, according to a 2017 report by the Canadian Chamber of Commerce.

With each passing year, hacking has become more dangerous, sophisticated and difficult to prevent — and solely ramping up spending on cybersecurity is not a viable solution for any organization, experts warn.

What’s required when it comes to cyber preparedness, Benoit and others argue, is a radical overhaul of the entire ecosystem that accounts for the significant role that human error plays in breaches — from confidential data sent to insecure home systems, to phishing schemes that rely on tricking people into giving up sensitive information belonging to their employer.

At a minimum, organizations should ensure that mechanisms are in place to minimize the damage caused by inevitable cyber-infiltrations so that if criminals are able to breach a system they won’t necessarily be able to exit with anything of value.

That starts with prioritizing the information that organizations must protect, said Christian Leuprecht, national security expert at the Royal Military College and Queen’s University.

“People think there is such a thing as privacy and that you can keep things secret. We need to come to the realization that’s not possible,” said Leuprecht.

“We need to say 90 per cent of stuff that becomes public, we can live with that. And here’s the stuff that we have to protect at any and all cost, and where we’re going to put all our efforts into protecting that.”

Surprisingly, encryption — in which data is translated into a secret code that can only be accessed by using a secret key or password to decrypt the documents into plain text — is one measure few companies seem to be adopting, said Satyamoorthy Kabilan, director of national security and strategic foresight at the Conference Board of Canada.

“The fact that every time we hear about someone’s system being breached and people are able to read the details tells you a lot,” Kabilan added.

Encryption, however, isn’t a viable long-term cyber-strategy for companies that need to have constant access to data themselves, according to Andre Boysen, chief identity officer at Toronto-based SecureKey.

“It’s going to make it harder for the business to read the data,” he said. “It’s got limited usefulness.”

Typically, such companies instead rely on constantly monitoring what’s happening on their network — a feat no human can succeed at, even with organizations leveraging more artificial intelligence and algorithms to determine suspicious activities and identify them before hackers get access to their crown jewels.

“We always assume people are hacking near perfect systems,” said Leuprecht. “We have major human errors in the way the systems are set up. Most people actually run terrible operations including some of the largest in the country.”

Failure to patch and update systems is another area where human error causes critical fallout, Kabilan noted.

“It’s so much of a non-starter that it’s not being done,” he said, referencing the WannaCry ransomware attack, which infected hundreds of thousands of computers in May and scrambled data at hospitals, factories, government agencies, banks and other businesses around the world.

“(WannaCry) spread because some people clicked on a link but the reason it proliferated was that it took advantage of an unpatched system.”

Organizations need to get a better handle on setting up simple deterrents to make it as unattractive as possible to try to steal information, said Leuprecht.

“For instance, if you’re storing credit card information, or things that have lots of numbers, you can create fake versions of them … So if somebody gets a hold of all these numbers they don’t know what the fakes are and what the real ones are,” said Leuprecht.

“If you’re just an organized criminal operation that’s trying to extract financial data, you don’t want to invest millions of dollars and hours trying to sift through all the data to figure out what’s real, what’s fake, what’s usable.”

Other effective methods not being used by companies are exfiltration detectors that examine outgoing data and block any documents that are intended to remain inside the network, he added.

“This is not rocket science,” said Leuprecht. “You have a water main break, you shut it down.”

 

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Maria in Vancouver

Lifestyle1 week ago

Nobody Wants This…IRL (In Real Life)

Just like everyone else who’s binged on Netflix series, “Nobody Wants This” — a romcom about a newly single rabbi...

Lifestyle2 weeks ago

Family Estrangement: Why It’s Okay

Family estrangement is the absence of a previously long-standing relationship between family members via emotional or physical distancing to the...

Lifestyle2 months ago

Becoming Your Best Version

By Matter Laurel-Zalko As a woman, I’m constantly evolving. I’m constantly changing towards my better version each year. Actually, I’m...

Lifestyle2 months ago

The True Power of Manifestation

I truly believe in the power of our imagination and that what we believe in our lives is an actual...

Maria in Vancouver3 months ago

DECORATE YOUR HOME 101

By Matte Laurel-Zalko Our home interiors are an insight into our brains and our hearts. It is our own collaboration...

Maria in Vancouver4 months ago

Guide to Planning a Wedding in 2 Months

By Matte Laurel-Zalko Are you recently engaged and find yourself in a bit of a pickle because you and your...

Maria in Vancouver4 months ago

Staying Cool and Stylish this Summer

By Matte Laurel-Zalko I couldn’t agree more when the great late Ella Fitzgerald sang “Summertime and the livin’ is easy.”...

Maria in Vancouver5 months ago

Ageing Gratefully and Joyfully

My 56th trip around the sun is just around the corner! Whew. Wow. Admittedly, I used to be afraid of...

Maria in Vancouver5 months ago

My Love Affair With Pearls

On March 18, 2023, my article, The Power of Pearls was published. In that article, I wrote about the history...

Maria in Vancouver6 months ago

7 Creative Ways to Propose!

Sometime in April 2022, my significant other gave me a heads up: he will be proposing to me on May...