Cyber Security Awareness Month (Cyber Month) is an internationally recognized campaign held each October to help the public learn more about the importance of cybersecurity.
This is an excellent opportunity for organizations to improve their own cybersecurity practices as well as those of their employees and stakeholders. As Cyber Month is drawing to an end, now is a good time to consider the top things you and your organization can do to mitigate your risks.
In addition, on October 21, 2024, Statistics Canada released an update on the impact of cybercrime on Canadian businesses. Key takeaways include:
- In 2023, about one in six (16%) Canadian businesses were impacted by cybersecurity incidents. The proportion of businesses impacted by incidents has been declining since 2019, with 21% of businesses impacted that year and 18% in 2021.
- In 2023, over one in eight (13%) impacted businesses reported experiencing ransomware attacks, up from 11% in 2021. The majority of ransomware victims did not make a ransom payment (88%). Of those that did indicate making a ransom payment, the majority (84%) paid less than $10,000, while 4% paid more than $500,000.
- Total spending on recovery from cybersecurity incidents also increased in 2023, doubling from approximately $600 million in 2021 to $1.2 billion in 2023.
Ways to mitigate your risks
ONE. Get buy-in from senior leadership and take steps to reduce the impacts of a data breach.
The costs of data breaches are rising, with the average global cost of a data breach exceeding US$4.8 million and spanning more than 250 days. Understaffed cybersecurity divisions, phishing attacks and stolen credentials were major contributors to high breach costs. At the same time, investments in AI, automation and crisis simulations significantly reduced cyberattack losses. Practices that mitigate breach costs include investing in employee training, incident response planning and securing data storage environments.
TWO. Develop a business continuity and disaster recovery plan.
A properly thought-out Business Continuity and Disaster Recovery Plan is essential for avoiding disruption to operations and ensuring quick recovery of critical systems. Key considerations in crafting this plan include assessing risks, safeguarding data, defining roles and regularly testing the plan. By preparing your organization with these strategies, you can minimize losses and ensure a timely response to potential cyberattacks.
THREE. Mitigate risks with vendors.
The risk associated with storing personal and other confidential information is heightened when the information is transferred to service providers (vendors) and a number of significant incidents start with your vendors. You can mitigate this risk by doing appropriate due diligence and risk assessment, putting appropriate contractual safeguards in place and conducting regular monitoring of your vendors.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.