CIOReview
December 2024

tools, many of which are interconnected. These systemic risks create the potential not only for annoying and costly disruptions, but also for cyber incidents of catastrophic proportions.

Even as cybersecurity solutions evolve, malicious actors are often one step ahead in finding creative ways to exploit weaknesses across environments. Accelerated digitization, combined with an abrupt move toward remote and hybrid work in recent years, has made people and companies more vulnerable. We commonly see phishing scams, business email compromise schemes, social engineering tactics, business interruption attacks, and zero-day exploits, which prey on previously unknown software flaws that lack known fixes.

The impact of cyber incidents can be colossal. Breaches that shut down a business for even a short period can have a considerable impact on reputation, customer retention and revenue. One well-known retailer experienced an attack that prevented people from buying items online for months. The incident hurt the brand's image, and impatient customers went elsewhere. Breaches at financial institutions have caused clients to withdraw their money. Those that reveal sensitive details, such as health or financial information or trade secrets, can jeopardize a business.

In an increasingly connected economy, companies are affected when a vendor or service provider goes down, even when they're not victimized directly. Cyber operations that target a supply chain or cloud platform can quickly reach vast numbers of companies and individuals.

How to Protect Yourself

It's impossible to guarantee that a cyber incident won't happen, but companies can take steps to protect themselves:

· Plan ahead

Establishing strong security controls is the first layer of defense. Ensure that all employees use strong passwords along with multi-factor authentication. Use access management tools to grant administrative rights only to approved parties and limit access to sensitive information. Implement endpoint security solutions that monitor individual laptops and mobile devices for unusual activity. Update software regularly to include the latest patches. Inventory company assets to identify crown jewels that require extra safeguards. Keep data encrypted, both at rest and while in transit. Regularly scan for vulnerabilities and patch issues in a timely manner. And train your employees to be smart in cyberspace, including how to recognize and report phishing scams.

Early detection of a cyber incident can have a large impact on the total cost of an incident. According to IBM, the average cost difference between breaches that took over 200 days to find and resolve, and those that took less than 200 days, is $1.02 million (USD).

· Have a response readiness strategy

Even with strong safeguards, cyber incidents can happen. Make sure your company has an incident response roadmap that details how to get back on your feet. It should outline responsibilities across the company: How will leaders handle malicious business interruptions? How will technical teams deal with the immediate fallout? How will you investigate incidents and fix security gaps? How will public relations shore up the brand's reputation? Who will you contact regarding your cyber insurance policy?

Every business should have data backed up in a fully encrypted format that is segregated from the main network. Consider any special precautions based on your industry. For example, if you're a manufacturer, do you have a plan to keep equipment operating? Finally, share what happened with peers in your industry. The more companies disclose about current threats, the more they can work together to evolve their defenses.

· Prepare for the worst

These days, anyone with a laptop or phone connected to the internet has risks that can be addressed through cyber insurance. Work with an insurer that's established in the cybersecurity space, with the longevity to understand how threats are changing and the financial stability to support policies. Insurers with cybersecurity expertise can provide tools, coaching or other services to reduce your vulnerability and get you up and running faster after an incident. Check that your policy covers extortion, social engineering scams and interruptions due to breaches affecting your vendors, and confirm whether class action lawsuits are excluded. Working with a broker who specializes in cyber insurance can help you find the right policy for your needs and industry.

In 2023, Canada had the third-highest average data breach cost, according to IBM¹. Incident frequency is also high in Canada: in a 2023 TransUnion survey, 49% of Canadians said they had recently been targeted by a fraud scheme.

Our growing dependence on integrated computer networks has helped us become more efficient, innovative and collaborative, but it has also made us more vulnerable to cybersecurity threats. Increasingly elaborate attacks can threaten a company's reputation, bottom line and sometimes its very existence.

For most individuals and organizations, experiencing a data security breach is not a question of if but when. By implementing preventative measures and establishing a robust roadmap for response, they can better prepare to weather the storm.

Cybercrime is nothing new, but risks have proliferated as the world becomes more dependent on technology