Recent incidents show that security breaches and cyber attacks have steadily increased across Canada and globally, with healthcare service providers seen as a prime target. Needless to say, healthcare organizations are greater targets for data theft than organizations in other sectors for various reasons. For example, there was a 37 percent increase in attack rate per healthcare organization throughout 2020 and the beginning of 2021. In effect, organizations need to implement proper security controls to prevent harmful and costly attacks

How can we secure the processes, facilities, technologies, systems, assets, networks, and services essential to the safety, health, or economic well-being of Canadians? How can we enhance the cybersecurity posture for critical infrastructure that can be interconnected and interdependent within and across provinces, territories, and national borders? Cyber-attacks and disruption of critical infrastructure could result in catastrophic loss of life, adverse economic effects, and harm to public confidence, as is the case with the Colonial Pipeline hack.

2021 has been a busy year for cybercriminals. The year is not yet over, and the number of publicly-reported data compromises through September 30, 2021, has exceeded the total number of events in full-year 2020 by 17 percent, according to the Identity Theft Research Center data breach analysis. A new report from IBM Security revealed the average cost of a data breach in Canada was $6.75 million per incident in the 2021 survey year. On all levels, this could be a record-breaking year for data breaches. That's up from $6.35 million the year before, and the highest since the survey included Canada seven years ago.

The world is slowly beginning to reopen, and organizations are making decisions on what the post-pandemic workplace looks like. As many organizations look to bring their staff back into the office, others will opt for hybrid models or stick with full-time remote teams. Currently, millions of employees in Canada work from home full time with no end in sight, and many employees wish to continue working remotely once the pandemic ends

Peculiarly, the language used by senior management in quarterly earnings calls with investors and analysts placed the remote work discussion central in the public companies' earnings calls in 2021. This discussion was perceptibly limited in the years before 2020, and it is not a stretch to say that modern history will reference the year as a turning point. Many CEOs now view remote work in a favorable light, a sign that it is here to stay. Some companies that have announced they will allow, encourage, or require employees to work from home permanently include Shopify, Twitter, Facebook, Square, Coinbase, Upwork, AWeber, Otis, and Amazon.

As the famous Charles Dickens quote goes, "we are in the best of times, yet we are also in the worst of times". On one side, organizations, and users alike, benefit from the emergence of new technologies, including the Internet of Things (IoT), 5G, artificial intelligence (AI), and so on. On the other side, there has been a rise in recent successes scored against high-profile targets, including the world’s largest meat processing company, JBS, that shut down facilities in the United States, Canada, and Australia after an attack.

Meanwhile, since the pandemic started, bad actors have been exploiting the vulnerabilities of organizations moving to remote working strategies. On the other side, security professionals have worked tirelessly to mitigate the threats, and vendors are delivering new and reliable technologies to support their efforts.

Based on the information and analysis from our professionals, here are the top five security and risk trends we think are worth watching as we go into 2022 and ways Sentia helps organizations stay prepared for the possibility of threats.

To understand how tremendous the change towards digital identity has been, let’s take a trip down memory lane and consider what IT environments used to look like.

Traditional IT departments had overall ownership and control over all access levels to networks and infrastructure. Besides that, organizations owned servers, IT hardware, and client workstations, many of which ran from the premises. For days on end, the firewall and antivirus programs shielded networks and devices from external intrusion. The tool is still essential in any cybersecurity system, but with the increased access to sensitive information and systems from beyond the internal network, the perimeter has now shifted to endpoints.

Today, there is a great reliance on cloud computing, the Internet of Things (IoT), and mobile devices that enable access to crucial information away from the legacy network perimeter. With the current digital transformation, it is safe to say that identity is the new perimeter across all industry verticals.

Suppose ransomware or an encryption trojan gets onto your device. In that case, it locks your operating system or encrypts your data, getting hold of a digital hostage such as files and demanding a ransom to restore control to you. Currently, ransomware infections occur in various ways, including spam emails, software downloads, and insecure and fraudulent websites. The attacks leave victims in situations where they must pay horrendous sums of money for the possible release of their files and systems.

In case you are wondering if you are a potential target of a ransomware attack, there are a number of  ways you can get infected, including the use of devices with outdated software, running unpatched operating systems and browsers, lacking proper backup plans, and not paying sufficient attention to cybersecurity measures. The annual Canadian Internet Registration Authority (CIRA) Cybersecurity Survey suggests nearly 70 percent of Canadian organizations facing a ransomware attack last year paid the demands to avoid downtime, reputational damage, and other costs. The survey further reveals that one-quarter or more of organizations that suffered a ransomware attack were damaged in terms of recovery costs, loss of revenue and customers, or reputational damage.

Fortunately, you can reduce the likelihood of finding yourself in front of an infected computer or encrypted file by being prepared. In fact, it is possible to significantly reduce the chances of infection by implementing the following controls and best practices. So, as we wrap up Cybersecurity Awareness Month, here are our top 7 ways to prevent ransomware attacks.

Undoubtedly, technology has evolved at a rapid pace over the past several decades and continues to do so. But some legacy machines that may be unfairly viewed as obsolete still hold tremendous value in today’s marketplace.

Enter IBM i – a family of mid-range computers that has gone through many name changes during the course of its lifetime.

As the image below illustrates: The evolution of IBM i began in the late 1970’s with the AS/400 (Application System/400) being introduced in 1988 as the successor of the previous two models.

“If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders.” - Dan Farmer, Cyber Security Analyst, Researcher, Programmer

If you have read the previous post in our Cyber security series: Emergence of XDR, Importance of MDR, Importance of MFA and the True cost of a Data Breach, you might be wondering: “How do I solve these for the long term?"

Well, the answer is not simple. It starts with organizational policy review, revision, and enforcement.

As technology has continued to evolve, the importance of cloud computing has too. According to Flexera’s 2021 State of the Cloud Report, investing in cloud is steadily on the rise in 2021. Businesses of all sizes are reaping the immense benefits of cloud adoption. From SaaS (Software-as-a-Service) to Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) – the ability to be more agile, innovative and reach customers in multiple ways has enabled businesses to significantly streamline operations and improve overall customer engagement.