No SMEs are safe from a cyber attack |Jdm

As an entrepreneur, should you worry about cyberrencies?Absolutely, say the specialists.

• Read also - Cyberattaque against the STO: affected customers

• Read also - a campaign of fraudulent emails aims at the Laval school service center

"No one is safe," says FrançoisDaigle, vice-president, professional services, from Okiok.All companies are potential targets, especially for ransomicials.This is the current wound.As soon as the attackers identify a target, they exploit it.»»

M.Daigle reports that her firm is asked for dozens of incidents every week since the start of the pandemic."Attacking businesses has become a business," he said.Forget the gifted teenagers in the family subsoil: attackers are teams of experts who work full time to find flaws by scanning internet and using specialized tools.»»

The latter resell these flaws on the Dark Web to other teams who will use them by encrypting or by exfiltrating the data without anyone noticing it.They will sell the fruit of their work to professional scammers who organize ransoms.Dark Web is a network parallel to the traditional web, accessible only via software, configurations or specific protocols.

Concretely: when you receive such a request, your systems have been infiltrated for weeks or even months.The attackers take an average of 180 days to infiltrate, scrutinize data, take control of email boxes, try to infect customers and partners, appropriate administrative access to deactivate or encrypt security copies and defense systems.All this, neither seen nor known.

« La menace est telle que nombre d’entreprises ont été chanceuses de s’en sortir sans avoir fait faillite»», poursuit M.Daigle.

The strategy

« Avant, les cyberpirates se contentaient de voler des informations sensibles, comme des numéros de cartes de paiement ou des informations médicales; désormais, les attaques de rançon visent à bloquer les opérations d’une organisation»», analyse Guillaume Caron, président-directeur général de VARS, division en cybersécurité de Raymond Chabot Grant Thornton.

"Nowadays, 95 % of cybersecurity incidents come from phishing: an employee clicks on an email link, it allows the cybercriminal to execute a malware (malware) which will give him full control of your computer environment.»»

In addition to the ransom cyber attacks are added theft of information, time, documents or industrial espionage, often carried out by frustrated employees.

To shelter

How to protect yourself?By focusing on very simple defense techniques:

And, above all, initiate specialists to carry out an assessment or an audit of cybersecurity (in particular intrusion tests), and, perhaps, offer awareness activities.

It's expensive ?We speak, for an SME, of a few tens of thousands of dollars.Certainly less than a ransom!In fact, Canadian companies have invested the equivalent of 1 % of their total income in this chapter in 2019, according to Statistics Canada.

Ransom requests are gaining momentum

The number and severity of attacks are constantly increasing on a global scale.A 2019 EMSISOFT firm report reports more than 452,000 ransomware ID service, including 4,689 in Canada only, at an estimated cost of $ 331.2 million.The losses (including ransoms paid and IT downtime) exceeded $ 2.2 billion.

Statistics Canada estimated in 2020 that 21 % of Canadian companies had been affected by a cyber attack, 18 % of which are SMEs of 10 to 49 employees and 29 % of SMEs from 50 to 249 employees.Those who declared the attack on the police said they had spent $ 27,000 on average to rely.

The average ransom demand increased by 33 % in a few months, reaching $ 257,756 in December 2019, exhibits the Canadian Center for Cybersecurity.And pirates can require much more. « En octobre 2019, une compagnie d’assurance canadienne a payé 1,3 million $ pour récupérer 20 serveurs et 1000 postes de travail»», déclare le Centre, qui ajoute qu’un nombre croissant d’exploitants de rançongiciels divulgueront des données sur leurs victimes pour punir le refus de paiement.

Free resources

To see too...