In a world already exhausted by the unrelenting pandemic, the holiday season offers the promise of a reprieve for some. Unfortunately, the holiday season is also a time when cyber criminals are particularly active as most people try to unplug and take some well-deserved breaks from work.
To add fuel to the fire, the number and costs of attacks are increasing significantly:
- The number of known cyber-attacks increased by 151% in the first six months of 2021, and the average cost for a data breach was $6.35 million per breach
- A settlement of over $200 million was recently confirmed for the data breaches involving Desjardin
Given the significance of attacks, organizations must take action to mitigate the risks and impact of a successful attack.
Here are some quick reminders of the key steps organizations can take:
- Assess: If your organization has not recently worked with a qualified cybersecurity firm to conduct an assessment of your infrastructure for gaps, now is the time. Cyber criminals scan for vulnerabilities and a weak system puts you at a high risk of attack. An assessment can help you understand your vulnerabilities and how to address them.
- Train: People are our strongest asset but are also often our weakest link when it comes to cybersecurity. Everyone plays a role and needs to clearly understand the risks and what they can do, and they need to be reminded regularly.
- Back up: It is critical to have an appropriate back-up plan in place. Your back-up should be regular, replicated, and off-site. Assuming you have an appropriate plan in place is not enough – ensure that your critical information is backed up appropriately.
- Insure: The financial impact of an attack can be devastating. Make sure you have appropriate cyber insurance coverage in place.
- Plan: No matter what, you cannot eliminate the risk of an attack. Prepare in advance by making an incident response plan and practice so you're ready.
There are a number of guides and checklists available to help organizations protect themselves against cyber-attacks — the Canadian Cyber Security Centre is a good place to start.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.