Let’s get in the know!
Starting as a family business in 1926, with the strong entrepreneurial spirit of Riki Gougeon and later taken over by his daughter Judy, Gougeon Insurance Brokers understands the need to protect your business and its assets.
As of late, you may have heard about “cybercrime”, “cyberattacks”, “cyber criminals”, “cyber extortion”, “breaches”, “malware”, and the lists and lingo go on. We’ve heard it too. These words, ominous as they seem, are made more unpleasant or even scary by the fact that we may not know what they mean exactly.
The word “cybercrime” may be trending, but the fact is cybercrime is no longer an emerging issue. In the TED talk “Where is cybercrime really coming from?”, Caleb Barlow, VP at IBM Security, states, “Cybercrime is out of control. It’s everywhere. We hear about it every single day”. His strategy, or solution, for combating cybercrime is to start talking about it: who is infected and how it is spreading.
Like you, we felt a need to talk about this thing called “cybercrime” and get informed. In February 2017, the Gougeon team met to talk and learn more about cybercrime and how we as a company can work together to protect ourselves. A session was held with all staff about “Preventing Cybercrime with Employee Awareness”, presented by Serge Solski from AdviseAware Risk Consulting, Waterloo.
We wanted to continue this conversation with other business owners and share the knowledge.
Why we as business owners should care
- In 2016, cyberattacks were rated third (at 35.7%) for risks of highest concern for doing business in Canada. In 2017, cyberattacks were rated second (at 40.9%) for risks of highest concern for doing business in Canada (Global Risks of Highest Concern for Doing Business, World Economic Forum).
- In 2014, companies surveyed reported an average of 34 attacks per year. In 2015, that number increased to 40 attacks per year and the average cost per attack was $175,000 (The Cyber Security Readiness of Canadian Organizations, 2016 Scalar Security Study).
What should we know?
- The nature of cyberattacks and the identity of the assailants may be difficult to determine and predict. Attacks can happen, and have happened, to large and small companies and to individuals with diverse backgrounds. Cybercrime doesn’t discriminate.
- What Canadian businesses are saying: 80% agree that attacks are more severe, 71% say that attacks are more sophisticated, 70% say that targeted attacks are more frequent, and 56% agree that the frequency of all attacks has increased (The Cyber Security Readiness of Canadian Organizations, 2016 Scalar Security Study).
- Other outcomes of a cyberattack may include but are not limited to: business interruption (loss of time and money, disruption of everyday operations, vulnerability), loss of customers and/or market share, loss of competitiveness, and loss of reputation or brand value, among others.
Breaking it down
This all might seem a little scary or overwhelming; we know. Let’s break it down.
- Cybercrime: “is generally defined as a criminal offence involving a computer as the object of the crime” (Cybercrime, Global Affairs Canada).
- Breach: “Any time sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual or entity without authorization” (Cyber Risk The Great Unknown: Assessing the threat and understanding the consequences of cyber breaches, Claims Canada).
- Malware: Malicious software that typically steals data or accesses something on the computer without authorization.
- Phishing: An attack aimed at employees, designed to obtain sensitive information such as usernames, passwords, credit card details, and system access by masquerading as a trustworthy entity in an email. A more damaging and targeted form of this type of attack is “spear phishing”.
- Social Engineering: “occurs when an employee of a business is duped by a fraudster into voluntarily parting with the assets of the business” (Coverage for Social Engineering Fraud Takes Its Place Among the Required Coverage for Canadian Business, Claims Canada).
- Spoofing: A cyberattack that tricks its victims by making an email request appear to be coming from someone they know, usually senior management or an executive. This tactic is often used to initiate fraudulent bank wire fund transfers.
How can we learn more?
Read our other blog on Cybercrime, “Tell Me Straight! Is it bad? Cybercrime?” by Gougeon’s strategic partner and cybercrime expert, Serge Solski of AdviseAware Risk Consulting. Read it here.