Companies must focus on managing cyber-attacks, not eliminating them

Companies must focus on managing cyber-attacks, not eliminating them

TORONTO — Companies trying to stay ahead of the increasing threat of cyberattacks need to be cognizant of one simple fact: there is no perfect antidote or turnkey solution against criminals bent on breaching their systems.

“Everyone is hacking into everything,” said Benoit Dupont, professor of criminology at the University of Montreal and the Canada Research Chair in Cybersecurity.

“Even the most secure, aware organizations like the top intelligence agencies in the world get hacked,” he said. Last month, the New York Times reported that the cyberweapons developed by the National Security Agency to spy on other countries are now being used against it, thanks to a leak.

The number of Canadian businesses experiencing losses of $1-million or more loss rose to seven per cent from just one per cent two years ago, according to a 2017 report by the Canadian Chamber of Commerce.

With each passing year, hacking has become more dangerous, sophisticated and difficult to prevent — and solely ramping up spending on cybersecurity is not a viable solution for any organization, experts warn.

What’s required when it comes to cyber preparedness, Benoit and others argue, is a radical overhaul of the entire ecosystem that accounts for the significant role that human error plays in breaches from confidential data sent to insecure home systems, to phishing schemes that rely on tricking people into giving up sensitive information belonging to their employer.

At a minimum, organizations should ensure that mechanisms are in place to minimize the damage caused by inevitable cyber-infiltrations so that if criminals are able to breach a system they won’t necessarily be able to exit with anything of value.

That starts with prioritizing the information that organizations must protect, said Christian Leuprecht, national security expert at the Royal Military College and Queen’s University.

“People think there is such a thing as privacy and that you can keep things secret. We need to come to the realization that’s not possible,” said Leuprecht.

“We need to say 90 per cent of stuff that becomes public, we can live with that. And here’s the stuff that we have to protect at any and all cost, and where we’re going to put all our efforts into protecting that.”

Surprisingly, encryption in which data is translated into a secret code that can only be accessed by using a secret key or password to decrypt the documents into plain text is one measure few companies seem to be adopting, said Satyamoorthy Kabilan, director of national security and strategic foresight at the Conference Board of Canada.

“The fact that every time we hear about someone’s system being breached and people are able to read the details tells you a lot,” Kabilan added.

Encryption, however, isn’t a viable long-term cyber-strategy for companies that need to have constant access to data themselves, according to Andre Boysen, chief identity officer at Toronto-based SecureKey.

“It’s going to make it harder for the business to read the data,” he said. “It’s got limited usefulness.”

Typically, such companies instead rely on constantly monitoring what’s happening on their network — a feat no human can succeed at, even with organizations leveraging more artificial intelligence and algorithms to determine suspicious activities and identify them before hackers get access to their crown jewels.

“We always assume people are hacking near perfect systems,” said Leuprecht. “We have major human errors in the way the system are set up. Most people actually run terrible operations including some of the largest in the country.”

Failure to patch and update systems is another area where human error causes critical fallout, Kabilan noted.

“It’s so much of a non-starter that it’s not being done,” he said, referencing the WannaCry ransomware attack, which infected hundreds of thousands of computers in May and scrambled data at hospitals, factories, government agencies, banks and other businesses around the world.

“(WannaCry) spread because some people clicked on a link but the reason it proliferated was that it took advantage of an unpatched system.”

Organizations need to get a better handle on setting up simple deterrents to make it as unattractive as possible to try to steal information, said Leuprecht.

“For instance, if you’re storing credit card information, or things that have lots of numbers, you can create fake versions of them … So if somebody gets a hold of all these numbers they don’t know what the fakes are and what the real ones are,” said Leuprecht.

“If you’re just an organized criminal operation that’s trying to extract financial data, you don’t want to invest millions of dollars and hours trying to sift through all the data to figure out what’s real, what’s fake, what’s usable.”

Other effective methods not be used by companies are exfiltration detectors that examine outgoing data and block any documents that are intended to remain inside the network, he added.

“This is not rocket science,” said Leuprecht. “You have a water main break, you shut it down.”

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

The future of Westerner Park continues to be plagued by many unknowns, including when city council will make a decision about financing its operations. (File photo by Advocate staff).
Red Deer city council delays making decision on Westerner Park financing

It will mean missing the next opportunity to apply for a provincial loan

Nineteen-year-old Amanda enjoys a ride during a visit to Spirit’s Respite Ranch near Stettler. photo submitted
Busy days at Spirit’s Respite Ranch near Stettler

The ranch, which launched operations last summer, provides support through animal interaction

Red Deer Mayor Tara Veer at the announcement that the city will be getting a drug treatment court Thursday. Jason Luan, associate minister of mental health and addictions, looks on.
Photo by PAUL COWLEY/Advocate staff
Veer concerned about rising COVID-19 cases in Red Deer

The City of Red Deer is reminding citizens to protect themselves against… Continue reading

Rode
Volunteering played major role in RDC awards

Under normal circumstances, the RDC Red Deer Bottling Athlete of the Year… Continue reading

Alberta chief medical officer of health Dr. Deena Hinshaw said on Thursday that the province has seen its first case of the B.1.617 variant. (Photography by Chris Schwarz/Government of Alberta)
Red Deer nears record number of active COVID-19 cases

Alberta reports 1,857 new cases of COVID-19, 1,326 new variants

Curtis Labelle (second from left) and his band are planning a cross-Canada tour in 2022. Meanwhile, Labelle is continuing to host his weekly livestreamed talk show, Chattin 88. (Contributed photo).
Red Deer rock pianist takes on a talk show role

Curtis Labelle’s Chattin 88 gets views from around the globe

Toronto Maple Leafs' Nick Foligno (71) and Mitchell Marner (16) celebrate Marner's goal on Winnipeg Jets goaltender Laurent Brossoit (30) during second-period NHL action in Winnipeg on Thursday, April 22, 2021. THE CANADIAN PRESS/John Woods
Leafs end five-game winless skid with 5-3 win over Jets in North Division battle

Leafs end five-game winless skid with 5-3 win over Jets in North Division battle

Taylor Pendrith from Richmond Hill, Ont. salutes the crowd after sinking a birdie on the 18th hole to come in at five under par during first round of play at the Canadian Open golf championship Thursday, July 24, 2014 in Montreal. THE CANADIAN PRESS/Paul Chiasson
PGA Tour Canada splits into Canadian, American circuits for 20201

PGA Tour Canada splits into Canadian, American circuits for 20201

Like father, like son: Floreal emerges as one of Canada’s top sprinters

Like father, like son: Floreal emerges as one of Canada’s top sprinters

Toronto Blue Jays center fielder George Springer (4) walks on the field during a team workout, Wednesday, March 31, 2021, at Yankee Stadium in New York. The Blue Jays face the New York Yankees on opening day Thursday in New York. (AP Photo/Kathy Willens)
Injured Jays OF Springer to play in intrasquad game Friday

Injured Jays OF Springer to play in intrasquad game Friday

Toronto Raptors' Khem Birch (24) defends against Brooklyn Nets' Blake Griffin during the second half of an NBA basketball game Wednesday, April 21, 2021, in Tampa, Fla. (AP Photo/Mike Carlson)
Raptors ride strong 3rd quarter to 114-103 win over Nets

Raptors ride strong 3rd quarter to 114-103 win over Nets

Team Canada's Jocelyne Larocque celebrates her goal past the U.S.A. with goaltender Embrace Maschmeyer during first period of Women's Rivalry Series hockey action in Vancouver, Wednesday, February 5, 2020. THE CANADIAN PRESS/Jonathan Hayward
Stunned Canadian players head home after women’s world hockey cancellation

Stunned Canadian players head home after women’s world hockey cancellation

Health Minister Patty Hajdu is shown at a COVID-19 press conference in Ottawa on Friday, Dec. 11, 2020. THE CANADIAN PRESS/David Kawai
Health Canada proposes new restrictions on talc in some personal care products

Health Canada proposes new restrictions on talc in some personal care products

Tampa Bay Buccaneers quarterback Tom Brady passes under pressure from Kansas City Chiefs defensive end Alex Okafor during the second half of the NFL Super Bowl 55 football game, Sunday, Feb. 7, 2021, in Tampa, Fla. Lawmakers are debating legislation to legalize single-event betting as a bill reaches final reading in the House of Commons. THE CANADIAN PRESS/AP/Mark Humphrey
Bill on single-game sports betting on cusp of passing — but not for first time

Bill on single-game sports betting on cusp of passing — but not for first time

Most Read