Low Cost Means For Lowering Canadians' Cybersecurity Exposure

A recent report by Statistics Canada revealed that some Canadian businesses paid ransoms exceeding $500,000 following cyberattacks last year.

The survey, which included more than 12,000 businesses, found that 12 percent of those affected by ransomware made payments to attackers. Although most payments were under $10,000, a small percentage of organizations paid significantly higher amounts. Additionally, Canadian businesses spent $1.2 billion recovering from cybersecurity incidents in 2023, a substantial increase from previous years.

According to the source:

Canadian businesses spent $1.2 billion recovering from cybersecurity incidents last year, double what was paid a couple of years earlier.

That's also a sixfold increase from 2019, when businesses dished out $200 million according to the report.

The cost of cybersecurity continues to rise, with businesses also spending $11 billion on prevention and detection in 2023, compared to $9.7 billion in 2021. Most of that was on salary related to prevention and detection of cyberattacks.

https://www.ctvnews.ca/business/huge-ransoms-paid-out-by-some-canadian-businesses-amid-rising-cyberattacks-statcan-1.7082104 (Oct. 22, 2024).

Commentary

The source is clear that the cost of cybersecurity continues to rise, but so do the losses.

The primary vector used for malware is spear phishing: emails, texts, social media messages, or other forms of messages disguised to look as if they are from a trusted source when they are really from a bad actor.

Spear phishing may originate from a variety of sources, from criminal gangs to nation states, and is often sophisticated. The point of spear phishing is to get employees, including executives, to provide their account details.

Most spear phishing has one thing in common: it asks you to select a link or an attachment. Consequently, a simple method of limiting spear phishing is to make it clear to all employees that they are not to select unexpected links or attachments, even if they are from someone or some organization they know and trust. Employees must independently verify with the sender that a link or attachment was sent. That means that if you receive an email, you reach out to the sender, separately from the email you received, to verify that they sent the attachment or link.

The final takeaway is that if everyone follows that simple rule, you can decrease your exposure to malware significantly.
