When most entrepreneurs consider the many challenges facing their company, the usual suspects come to mind. Think everything from cash flow and financing issues to industry competition and economic upheaval. There is no shortage of factors that can derail the growth and success of a small to medium-sized business.
Add one more omnipresent concern to the list.
Cyber security threats are real and are having a significant impact on many SMEs across Canada and around the world. From attacks against major retailers such as Home Depot and Target, to breaches at credit rating agency Equifax, in recent years companies of all sizes and across industries have proven vulnerable to hackers.
According to a 2016 PwC Canada survey, Canadian companies experienced a 160 per cent year-over-year increase in cyber incidents, with cyber threats from abroad increasing by 67 per cent. Incidents related to employee error or data mishandling accounted for a whopping 66 per cent of cyber security problems.
Canadian CEOs are paying attention to these challenges, increasing investments in IT security by 82 per cent, according to PwC’s data, but that sum still accounts for only 5 per cent of overall IT spending, on average.
According to a report by the Canadian Chamber of Commerce , the cost of cyber security breaches continues to escalate, with the average cost of a data breach for companies of all sizes topping $6.03 million in 2016:
“As with the number of data breaches, the number of businesses reporting financial losses as a result of cybercrime over the last two years is increasing. At the same time, the dollar value of those incidents is also on the rise. In a recent PwC survey, business executives note the cost of cybercrime on the bottom line is increasing. These costs include downtime, compensation for breached records and loss of intellectual property.”
Research by our IT partners at Connected Technologies Inc. (CTI), sheds further light on the challenge. CTI noted that, while hackers and online fraudsters regularly hone in on a wide range of targets, they see significant opportunity in exploiting weaknesses in accounting, tax reporting and Point of Sale (PoS) software. Such vulnerabilities are leading to the increasing prevalence of ransomware and malware—programs that hold data hostage or expose systems for hacker exploitation, respectively—which can’t be effectively stopped by traditional anti-virus and anti-malware software.
The threats don’t end there. Other nefarious tactics such as the use of phishing emails are also on the rise. The CTI team notes that clever attackers will take the time to study a business and its employees, then send emails from managers or other external contacts asking for information. Hackers will then use this information to break into your IT systems, insert malware or ransomware and potentially steal data or find creative ways to cripple your business. There really are no limits to the potential damage once they have full access to your IT infrastructure.
Alternatively, some malfeasants will use infected Microsoft Office documents to deliver malware. These documents are a vehicle for introducing hostile code designed to compromise an organization from the inside out. Then there’s the relatively novel tactic of typosquatting (unfortunately, hackers have plenty of time to think of new methods to infiltrate your cyber defences). Let’s say your employees type in a common URL such as Google.com or Apple.com, but misspell the address (another common occurrence). Squatters—who at this point would have registered domain names with misspelled versions of actual web addresses—can take advantage of an unsuspecting visitor by installing malware on their computer.
And these are only a handful of the potential cyber security risks facing your business. While understanding these threats is the first step to protecting your bottom line, you’re probably wondering what you can do to protect your IT infrastructure. For more on that, stay tuned for a list of effective tactics in our next blog.
Jenny Lian, Partner