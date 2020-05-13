The pandemic, a boon for criminals
Photo: Adil Boukind The Duty
Better companies will be prepared, the more they will limit the damage a cyber incident.
The pandemic of sars coronavirus is a godsend for criminals who are excellent at finding holes in corporate defenses and whose ransom demands were already paid for.
It took only a few weeks after the beginning of the imposition of containment measures in Canada to ensure that the group specialized in cyber security of the firm, business lawyers, Blakes lane to double, and even triple, the number of cyber attacks that were reported, ” says one of its partners, Imran Ahmad. “But this is probably nothing compared to what people will find when they return to the office and will drive their computers,” warns the lawyer.
It is that the current context is particularly favourable to cybermalfaiteurs, he explained Tuesday in a telephone interview with the Duty. Their art is to find loopholes by which to introduce into the computer system of the company. “When so many people spend to telework from one day to the next, the number of possible loopholes multiplies very quickly. It can be found in your personal computer, in software that have not been updated, in a Wi-fi connection ill secured… “
We will be mistrustful least as of the file (containing a malicious software) accompanying an e-mail coming from a so-called ministry or charity, or even of the so-called e-mail from a superior, or a customer (whose account has been infiltrated by a hacker) who claims, because of the rules of containment, payment by electronic funds transfer rather than by cheque.
Dark portrait
The firm Blakes has unveiled last week what it presents as the first overall picture of the cyber security business in Canada. It is based on surveys conducted by specialized firms on more than 250 incidents, as well as on the data made public by the police stations for the protection of privacy and close to 800 companies that are listed on the stock exchange.
In it we learn, among other things, that the sectors of professional services (24 %), finance (19 %), technology (15 %) and health (13 %) are the most targeted by cyber attacks because of their large volumes of personal data or critical. Most often (35 % of cases), it is a ransom demand, without the payment of which the pirates threaten to destroy or make public the data (ransomware). The remote control of email accounts came in second (24 %).
In more than half of the cases (53 %), companies choose to pay the ransom, that is to say less than 20 000 $ in a third of cases, an amount ranging from this amount up to $ 100,000 to another third of cases, but sometimes of 100 000 $ to 250 000 $ (16 %) or even more (15 %). “For the past year, there has been an increase in the degree of sophistication of ransomware and the claimed amounts,” says Imran Ahmad. Faced with the prospect of seeing their activities and business relationships disrupted for two weeks (28 %), double the time (24 %), if not even longer (23 %), many enterprises prefer to, in effect, to buy peace.
Motus and mouth stitched
More than two-thirds (69 %) of victims of cyber incidents do not report the case to authorities. The law does not oblige, states the lawyer. “Some are embarrassed of what happened to them. “Others feel likely that the police do not have the means to fight it is sufficient to dismantle the criminal networks that often extend beyond the borders.
Among the main companies listed on the Toronto stock Exchange, less than half (41 %) indicate being with a policy on cyber-security, and only 11 % have implemented measures of data encryption to protect confidential information. The first class in the matter are the oil and gas sectors.
“All companies will be, one day or the other, victims of a cyber incident. The better they are prepared, the more they will limit the damage “, said Imran Ahmad.
In addition, at least 28 million Canadians have been affected by leaks of personal data of the end of 2018 to late 2019. These should not rely too much on financial redress, the few collective actions that resulted in a settlement, up to now, there have been reports of $ 15 to $ 100 per person.