#CyberFLASH: Over Half Of Canadian Execs Say Security Is A Top Concern, But Aren’t Acting On It


A report from Microsoft Canada reveals that Canadian businesses aren’t doing enough to protect their data.

The survey revealed that while three-quarters of Canadians businesses (based upon a sample size of 700) say that implementing a digital strategy is among 2017’s top objectives, over half of them are concerned about security while migrating to the cloud.

However, Canadian executives are still navigating the security concerns that come with managing large amounts of data. Over half of Canadian executives said in a survey that security is their top concern when making the transition to the cloud.

“It’s great to see that the cloud continues to gain momentum and that Canadian businesses recognize its value,” said Janet Kennedy, president of Microsoft Canada, in a statement.

The survey also suggested that only 21 percent of Canadian executives feel fully prepared in case of a data hack or leak. Furthermore, local data residency is important to Canadian executives, as is addressing the growing concern that is cyber criminals and cybersecurity.

“The survey confirmed that business leaders need to feel confident that their data is secure and is being stored here in Canada. This is especially important for businesses with stringent compliance standards, such as government and healthcare organizations,” added Kennedy.

Read more here

#CyberFLASH: Red Deer men targeted by sextortion scam


RCMP are investigating an extortion scam after two Red Deer men were “lured into compromising online encounters” by strangers on the internet.

Police say both victims were approached online in October by women.

The women lured the men over the internet “and then threatened to post the images online unless they were paid by their victims,” Red Deer RCMP said in a news release Wednesday.

Neither victim was defrauded of money, police said. In both cases, the women halted communication with their targets after the men informed them they were reporting them to police.

RCMP suspect there may be even more cases of this type of extortion happening in the community, but victims “may be too embarrassed to report it.”

Furthermore, investigators say these online profiles are usually fake and the scammers live in different countries, making prosecution impossible.

Read more here

#CyberFLASH: EQAO says ‘intentional, malicious’ cyberattack led to literacy test system crash

computer-gimbalThe Ontario agency tasked with administering the first online literacy test to tens of thousands of high school students in the province last week says it was forced to pull the plug by an “intentional, malicious and sustained” cyberattack.

The Education Quality and Accountability Office said Monday the network hosting the “voluntary” online test was targeted by an “extremely large volume of traffic from a vast set of IP addresses around the globe.”

It said the impact of the distributed denial of service attack carried out by “an unknown entity or entities” was to block
legitimate users such as school boards and students from accessing the test.

Most of the province’s 900 secondary schools — representing a maximum of 147,000 students — had signed up to participate in the test, which was a technical trial run before the first official test scheduled next year.

The EQAO’s director of assessment said some 15,000 students appeared to have managed to complete the test, and the agency is currently reviewing the data to see whether the results can later be released. However, there will not be time for another trial test before the spring, Richard Jones said.

There is no evidence at this time that the incident was linked to a similar cyberattack that affected websites such as Twitter and Netflix on Friday, Jones said.

Read more here

#CyberFLASH: Uber should investigate own databases after more claims of bogus fares, privacy experts say


A string of complaints by customers charged for Uber trips they say they never took has security experts calling on the ride-hailing company to launch a formal investigation to make sure its databases haven’t been breached.

After CBC News reported on the story of Laura Hesp, who lives in Toronto but was billed for an Uber ride taken on her account by someone in Poland, several others came forward to report similar experiences. Uber has warned customers incidents like this may be the result of phishing scams, but experts CBC News spoke to think the company should investigate to rule out the possibility that its own databases have been hacked.

The stories begin the same way. A person receives an unexpected email confirming an Uber cab is minutes away — except the customer hasn’t ordered one and the trip is thousands of kilometres away in another country.

George Sfeir, a 49-year-old Toronto man, says he was in his car on the way to his cottage in rural Ontario in July when he got a bill for an Uber ride he never ordered.

It was one of six bills he would receive over the span of two days for trips taken in Las Vegas, Des Plaines, Ill., and other American cities that Sfeir says he never visited.

Most of the trips ranged in price from $10 to $100. But when he received a bill for a whopping $982 rung up for an Uber trip in Chicago, Sfeir says he began to panic.

“That was really scary,” he says, adding that at first, even his credit card company didn’t believe his story.

Read more here

#CyberFLASH: Over 70,000 Canadian credit cards suddenly on sale on dark web


Some Canadian organizations like to think they’re safer from cyber attack because of the relatively few publicly-reported data breaches here.

It’s true there are fewer breaches reported in this country. And international figures show reported malware attacks here are lower than in the U.S. But that doesn’t mean they don’t happen. It’s just that they don’t get reported.

For example, at this week’s SecTor security conference in Toronto a Telus Security Solutions consultant said early this year a batch of over 70,000 Canadian credit card numbers popped up for sale on the darknet.

So far no organization has announced a theft.

Milind Bhargava made the revelation as part of a presentation he and another Telus security investigator did on how much personal information on Canadians was available on the darknet.

His division regularly monitors credit card sales sites for corporate customers, he said. It’s not hard to identify Canadian credit and debit cards – the first six digits of every card identifies the bank and type of card.

In the early months of this year ”suddenly we saw 70,000-plus cards from the same province,” he said. “Multiple banks, but all from the same province. We have never seen so many from the same province.” He wouldn’t identify the province or the ).

The card data, with expiry dates ranging from this year to 2020, were being sold for between forty cents and $3 each.

Read more here

#CyberFLASH: One in five risk managers surveyed not sure whether their cyber insurance policy covers data in cloud servers


Four in five risk managers surveyed said their company has a stand-alone cyber insurance policy, though only three in four reported their policy covers network/business interruption, Risk and Insurance Management Society Inc. said in the 2016 RIMS Cyber Survey, released Monday.

There were 272 respondents to the survey, which was distributed to RIMS members via an Internet link, and was “in field between August 8 and September 9, 2016.”

When asked whether their company has a “stand-alone cyber insurance policy,” 80% of respondents said yes, 19.5% said no and 0.5% said they were not sure.

Respondents were asked whether their organization’s cyber insurance extends to data stored in cloud servers. More than two-thirds (69%) said yes, 9% said no and 22% said they were not sure.

RIMS also asked members which losses were included in their cyber insurance policies. More than nine in 10 (91%) said breach notification costs. About one in four (27%) said theft of trade secrets; 80% said data recovery; 50% said professional liability; 76% said network/business interruption; 78% cyber extortion and 63% said fines and penalties.

Read more here

#CyberFLASH: National Cyber Security Awareness Month: 10 Tips For Businesses


In a world that is more connected and accessible than ever, the declaration of October as national Cyber Security Awareness Month by governments and business leaders in several countries including Canada, the United States and Australia, is a strong statement that cybersecurity is an international safety concern.

The campaign aims to bring awareness to the wide scope of concerns that the term cybersecurity covers, including internet security, privacy, mobile safety, distributed denial-of-service (DDoS) attacks, botnets, hacking, data breaches, malware, pharming and phishing to name a few.

Now is a good time for businesses to review their cybersecurity practices. It is tempting to think that “it can’t happen to me”, but in the wake of Yahoo’s recent admission that personal data was hacked, it is clear that this can happen to anyone.

Of course, technological safeguards are critical to security, however operations and policy play a crucial role as well. The steps outlined below focus on tips that involve measures that go beyond technology.

  1. Plan on a Prudent Response. In a 2015 study commissioned by the Office of the Privacy Commissioner of Canada, only 41% of surveyed companies stated that they had policies or procedures in place that dealt with data breaches where there was a compromise of customer personal information. If an Incident Response Plan is made ahead of time in order to deal with a cybersecurity breach, a company will be in a position to respond quickly in a manner that mitigates harm to the business and to third parties (such as customers). Companies who do not make such a Plan are often caught flat-footed and fumble through an incident, and increase the risk of complaints to regulators and class action or other lawsuits.
  2. Build an Effective and Safe Cybersecurity Workforce. Robust recruitment processes that properly vet candidates will help ensure that the hiring of problematic employees is avoided. Unfortunately, many attacks come from inside an organization. Background checks are an important tool in the screening process. Employees play a key role in helping to prevent cybersecurity incidents. Proper training is key, and will enable employees to spot suspicious activities and events, and report them to the appropriate personnel. Employees are the single most important group of people who can help to reduce unintentional errors and technological vulnerabilities.

Read more here

#CyberFLASH: Protecting yourself from cyberattacks challenging, says IT expert

computer-passwordsDermot Williams says hackers are creating new tricks to mount cyberattacks all the time making it more challenging to protect against them.

Williams, the chief executive officer of the information technology security firm Threatscape in Ireland spoke to Shift New Brunswick host Vanessa Vander Valk.

He said New Brunswick has all the technology skills necessary to help in the fight against cyber crime.

“If you build a better solution on the cybersecurity world people will absolutely beat a path to your door cause they need to stay ahead of the bad guys and they will be looking for the innovation coming out of smaller companies to produce solutions to challenges.”

Williams, who will be taking part in a discussion called Cybersecurity in a Dangerous Time at the University of New Brunswick Saturday, said what is most concerning about the hacks is the rewards the hackers are reaping.

In the past week, hackers were able to target election systems in 20 states in the United States, infect cameras and DVRs for massive internet attacks and steal 500 million user accounts after a hack at Yahoo.

“That’s only encouraging them to keep on doing it and become more persistent. They’re making money or if they are cyber activists, they are making a point. Or if they are politically motivated they are making wins for their side. All of these things will just keep them coming back.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.