#CyberFLASH: HSB BI&I Study Shows 87 Percent of Canadian Businesses Experienced Hacking Incidents

keyboardTORONTO – Almost 90 percent of Canadian businesses have experienced at least one hacking incident in the last year, according to a study of business risk managers released today by The Boiler Inspection and Insurance Company of Canada (HSB BI&I), part of Munich Re.

More than half (60 percent) believe their companies are dedicating enough money or trained and experienced personnel to combat the evolution of hacking techniques, yet 42 percent do not have cyber insurance coverage.

“With the prevalence of cyber attacks in Canada, there is a clear discrepancy among risk managers’ perceptions and the level of exposure their companies face from hacking activity,” said Derrick Hughes, vice president for HSB BI&I. “Hackers have evolved and so have the risks. Businesses must do more to protect their sensitive information and manage any data breaches.”

Of the risk managers studied, 66 percent represented large enterprises, followed by 28 percent at mid-sized organizations and 6 percent at small-businesses.

The survey revealed a notable uptick in awareness and concern about cyber risk following the recent passage of The Digital Privacy Act (Bill S-4). Nearly 70 percent of risks managers said they would be more inclined to purchase cyber insurance coverage for their company due to the new data breach notification requirements.

Concerns about the type of information being breached ranged from sensitive corporate information (50 percent) to personally identifiable information (42 percent) to financial information (8 percent).

Read more here

#CyberFLASH: Privacy bill actually undermines privacy

n-ONLINE-PRIVACY-largeCanada’s privacy reform law should include stiffer penalties for companies that commit security breaches, according to a University of Ottawa law professor.

But instead the Digital Privacy Act, Bill S-4, leaves a “massive hole” when it comes to protecting Canadians’ personal information says Michael Geist.

As the draft legislation currently stands, Bill S-4 allows telecom companies, Internet providers or banks to share personal information about subscribers – without the subscriber knowing.

“Not only does it really hurt our privacy, but it really runs counter to a lot of things that Canadian courts have had to say about safeguarding personal information,” said Geist on Monday, after speaking at a committee hearing for the bill.

Read more here

#CyberFLASH: Canada Mulls Mandatory Data Breach Notifications

FEATURE-encryption-graphic-1-SHUTTERSTOCKCanada is considering incorporating fines for organizations that do not proactively notify individuals or the appropriate regulatory bodies of data breaches.

Bill S-4, the digital privacy act, is now before the House of Commons. It would amend the Personal Information and Electronic Documents Act to include mandatory breach notification provisions to alert both affected individuals and the privacy commissioner if there’s an incident, and would require compromised organizations to keep a record of every breach.

“On breach notification, I think Bill S-4 has it right,” said Chantal Bernier, former interim privacy commissioner of Canada who is now counsel at Dentons LLP, speaking to Canadian Lawyer Magazine. “You need to make breach notification mandatory so the affected individuals can protect themselves.”

Failure to comply could include fines of up to $100,000, but the language of the bill leaves significant loopholes open. For one, the notification will only be required in cases that inflict “significant harm,” including “physical and moral” harm. The bill also does not specify a notification window—only that it should be carried out “as soon as possible.”

Read more here

#CyberFLASH: Cyberbullying bill draws fire from diverse mix of critics

cyberbullying-bill-c-13Justice Minister Peter MacKay probably expected to take some shots from the opposition over Bill C-13, colloquially known as the cyberbullying bill.

But he may not have been expecting to take so much friendly fire from his own base.

After all, it’s a rare piece of legislation that can unite groups as disparate as the Council of Canadians and the National Firearms Association. And yet the bill, which went to third reading 10 days ago, after the Conservative government voted to shorten time for debate, has done just that.

Sheldon Clare is president of the National Firearms Association, the country’s biggest gun owners’ organization and the same group that persuaded MacKay to pose in a sweatshirt with its rifle logo a few weeks ago.

But if the minister thought his gesture would win the group over on Bill C-13, he was mistaken, says Clare.

“We think that this is probably the most draconian step towards police interference in people’s lives since George Orwell revealed the potential for it when he wrote 1984.”

Read more here

#CyberFLASH: Bill C-13 Moves Ahead, Despite Claims Supreme Court Already Killed It

Peter MacKay Steven Blaney

The Harper government is set to push through a bill that critics say the Supreme Court has already in effect struck down.

Bill C-13, the Protecting Canadians From Online Crime Act, comes up before the House of Commons on Wednesday.

Often referred to as the “anti-cyberbullying bill,” C-13 was the government’s response to a high-profile Nova Scotia cyberbullying case that is currently under a controversial publication ban.

The bill makes it a crime to transmit pictures without consent, and it removes barriers to getting unwanted pictures removed from the internet.

But critics say the bill also threatens the privacy rights of Canadians by granting immunity to telecoms that provide subscriber information to police without a warrant.

They argue the bill has in effect already been rendered unconstitutional by the Supreme Court, which last June declared that law enforcement requires a warrant to get even basic subscriber data.

Government officials, speaking on background, have told HuffPost previously that the government takes a much more narrow interpretation of the Supreme Court ruling, and is confident the controversial bills will pass constitutional muster.

Read more here

#CyberFLASH: Study estimates 36% of Canadian businesses know they’ve been hit by cyber attack


TORONTO — More than one-third of Canada’s IT professionals know — for sure — that they’d had a significant data breach over the previous 12 months that could put their clients or their organizations at risk, a cybersecurity study suggests.

And as startling as that statistic may be, the actual number of breaches could be higher since the same international study found 56 per cent of the 236 Canadian respondents said they believed threats sometimes fall through the cracks.

“Even the best-protected networks have regular security incidents,” says Jeff Debrosse, director of security research for Websense, a U.S.-based security company that commissioned the study.

“It’s a 24-7 onslaught. It’s a barrage of attacks and attempts to penetrate the defences.”

Debrosse says it’s a real challenge for organizations to understand their vulnerabilities, let alone prevent breaches. Technology is improving, he adds, but it’s more important to share information about attacks within and among organizations.

Read more here

#CyberFLASH: Privacy could vanish if cyber-bullying act becomes law in Canada


PEN Canada voiced its concern at revelations that local telecom companies and other service providers disclosed personal information from nearly 800,000 customers in a single year, a practice that would be codified in two bills currently before Parliament. 

The Protecting Canadians from Online Crime Act (Bill C-13), currently being discussed at the Standing Committee for Justice and Human Rights, would provide telecom companies with criminal and civil immunity for disclosing subscriber information to government agencies. According to information published following an access to information request by University of Ottawa Law professor Michael Geist, in 2011, nine of Canada’s major telecom providers and social media sites received 1.2 million data requests from government agencies. The companies complied in 784,756 cases. The total number of requests and disclosures from all telecom companies is likely higher. 

Read more here

#CyberFLASH: Digital Privacy Act Opens Copyright Loophole That TekSavvy-Voltage Case Closed


Michael Geist, the Canada Research Chair in internet and e-commerce law at the University of Ottawa, was the first to raise alarm bells about a provision buried within Bill S-4.

The bill would finally require organizations to tell Canadians when there had been a security breach involving their personal information. But the proposed rules also permit companies to voluntarily disclose personal information to another company, without a court order and without telling the person affected.

“The expansion of warrantless personal information disclosure raises enormous concerns,” Geist said. 

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.