Cybersecurity 2024

TCyber resilience

CYBERSECURITY

Approach to Combat Ransomware

A conversation between the Canadian Chamber of Commerce's Ulrike Bahr-Gedalia and BlackBerry’s Marjorie

Cyber attacks on Canadian businesses are increasing at an alarming rate and costing impacted companies millions of dollars (not to say anything about damage to reputation). That’s the bad news. The good news is a one-ofa-kind Canadian organization is bringing business together to share knowledge of cyber threats and collaborate on mitigation strategies.

he Canadian Cyber Threat Exchange, a not-for-profit organization, is the country’s only cross-sector cyber threat collaboration forum and source of cyber threat intelligence. It provides robust data on threats and vulnerabilities, and access to a network of member organizations. “It’s hard for companies on their own to stay on top of the evolving sophistication of hackers,” says Robert Gordon, the Exchange’s strategic advisor. “They wouldn’t typically have the financial or people resources to be aware of cyber threats and how to mitigate them, but leveraging the experiences and expertise of our community, organizations can easily understand the strategies that are working, the ones that aren’t, and the latest trends.”

Emerging technologies, including artificial intelligence, are creating huge business advantages. But that same tech is used by cyber attackers, and their level of cleverness is increasing. It’s no longer just phishing emails, hackers are cloning voices, and using other sophisticated means. Technology is also making it easier for small-scale hackers to get involved and scale up the attacks. Gordon urges companies to realize that

it’s not if an attack will happen, but when. Many businesses might not see themselves as having huge stores of data, but hackers aren’t always after the company’s secret sauce, but will steal data or hack into systems and disable them until a ransom is paid.

With the average ransomware payment increasing by 82 per cent year-over-year, organizations across Canada are facing what cybersecurity specialists are hailing as “The Ransomware Armageddon.”

Combined with the fact that the average downtime after a ransomware attack is over 20 days, proactive cybersecurity has become a top priority for leaders across all industries.

Proactive security: beyond defense Anticipating and addressing threats before a cybercriminal strikes is crucial for effective defense. Reactive measures alone often fall short, exposing companies to operational downtime, financial losses, and reputational damage.

By proactively investing in updated Incident Response Plans, Employee Awareness Training, and cybersecurity measures — like Red Teaming exercises–

Staying Ahead of the Hackers: How One Organization is Helping Businesses Secure Themselves

Having a comprehensive approach to cyber security, in which all departments are at the table to discuss risks and determine mitigation strategies is key. “With technology being so accessible, business groups can often bypass IT, but everyone needs to be aware of the risks. It’s a different dialogue that has to happen,” says Gordon. “At the very least, businesses need to know the cyber security basics, but they also need to consider cyber resiliency and have a business continuity plan. Assume a risk will happen and be as prepared as possible, so you can respond quickly.”

Increasing the aperture of information

The exchange is unique in that there is no other organization in North America that has

As a highly connected and wealthy country, Canada is a huge target for criminals wanting to take advantage of weak systems.

How Safe Are You From the Next Cyberattack?

that go beyond automated vulnerability scans, organizations can empower their teams and maintain competitiveness in a threat landscape where “reputational contagion” means that a single successful ransomware attack can cost billions in reputation-related losses.

Two ways your organization can counteract ransomware attacks

1. Red Teaming is a critical component of any successful cyber program, as it simulates real-world attacks to measure your team’s reaction times, monitoring, and response to cyber threats. In today’s modern cyber threat landscape, the speed with which a team responds means the difference between a “minor” disruption–ranging from hours to days–to major disruptions that can last weeks to months, yielding massive business losses.

2. Dark Web Monitoring, one of the 100% tester-driven services offered by Toron-

the kind of cross-sectoral lens on cyber security.

“Cyber threats aren't unique to one sector,” says Jennifer Quaid, the Exchange’s executive director. “Attacks can come through a third-party HR or payment system, and it’s likely those systems are used across sectors.”

A cyberattack can be catastrophic for a company, leading to a temporary shutdown or even bankruptcy. In Canada, it’s estimated that the cost of a data breach is more than $5 million. As a highly connected and wealthy country, Canada is a huge target for criminals wanting to take advantage of weak systems. “If we don't focus on cyber security, we’ll continue to be a target and drive emerging technology and research investment out of the country, impacting economic growth,” says Quaid.

to-based penetration testing firm Packetlabs, works to track and contain mentions of your organization on the Dark Web. Monitoring the Dark Web is not just a precautionary measure — it’s a vital defense for protecting your company’s brand, assets, data, associates, and partners.

“At Packetlabs, we believe the best defense starts with offense — specifically, looking at your network from a ransomware operator’s perspective in order to understand how they would move throughout your IT systems,” says Richard Rogerson, Founder and CEO of Packetlabs. “Often, organizations rapidly deploy countless technologies and tooling without understanding how effective they are at reducing the likelihood and impact of a breach. When it comes to a ransomware attack, it isn’t a matter of ‘if’

it’s a matter of ‘when.’ And there is no better counterattack than

Navigating AI Cyber Threats with Resilient Defense and Recovery Plans

As AI-driven cyber threats become more advanced, building robust recovery strategies and reinforcing cyber resilience are essential for organizational survival.

It’s no secret that cyberattacks are a major threat to organizations in all industries. Despite widespread warnings of malicious activity and the potential for financial and reputational ruin they can cause, many organizations are far less equipped to deal with an attack than they realize.

Imagine receiving an email or SMS from your CEO urgently requesting money be sent to pay a supplier, only to find out that it was a scammer after you put the payment through. Or imagine a cybercriminal using stolen login credentials to access your company’s internal systems, making it nearly impossible to tell the difference between the legitimate user and the fraudster.

Today, cyber threats such as ransomware, phishing, deepfakes and supply-chain attacks are more sophisticated, thanks to new technologies. More and more, cybercriminals are using generative AI for multi-vector attacks, going after a network or target on several fronts, sometimes in phases.

Denis Villeneuve is the Cybersecurity and Resilience Practice Leader at Kyndryl Canada, as well as the co-chair of the company’s Indigenous Working Group. He says cyberthreats have always evolved to utilize the latest technological advancements. But generative AI’s unprecedented ability to streamline and speed up malicious activity has facilitated the need for more robust protective measures.

The good news is that AI is not just for the bad actors. AI is being leveraged to create holistic cyber defenses and recovery plans. “I used to say early on, ‘automate the known threats so you can orchestrate the unknown threats’,” says Villeneuve. “We're getting to the point where we're automating the known threats and also automating the orchestration of unknown threats.” He points to tabletop exercises that can be performed using a digital twin of the network under various forms of attack to demonstrate how an organization's environment will react.

A key part of the plan should include evaluating each layer of your network. Take for example a bus scheduling tool designed to help passengers plan their trip from point A to point B. If it’s built on an old booking system housed in a dusty closet somewhere, the entire application could collapse if that one system goes down. Moving a program to the cloud to improve resilience is only useful if each underlying hook meets the same level of resilience.

In the race to the cloud following the pandemic, some recovery and resilience plans were set aside. “Organizations are only starting to catch up on dusting off their resilience strategy,” says Villeneuve. Backup and recovery strategies need to be updated for the new hybrid world and the hybrid estate. He stresses how important it is to “have an understanding of minimum viable company/organization/ government in order to put the right resilience into your applications and infrastructure to be able to respond accordingly or recover accordingly.”

A cyber resilience plan needs to combine cybersecurity, business continuity, and disaster recovery. Working with a company that bakes security and cyber resilience into systems and infrastructure is integral to maintaining a healthy digital environment. Kyndryl understands the complicated global system of compliance and risk management and recovery because they are there, on the ground, with 80,000 employees worldwide managing some of the top mission-critical workloads.

Moving beyond hypotheticals on paper to this level of detail in an exercise also helps highlight where aspects of cyber resilience may need to be shored up. Organizations will often invest in preventative pre-breach “left of boom” cybersecurity measures, and less so on ”right of boom” post-breach recovery. “Being able to be more resilient is actually putting in the plans and updating the plans for recoverability.” says Villeneuve.

As part of this, Kyndryl has a global network of Security Operations Centres, including one in Canada, that offer comprehensive support and advanced protection capabilities for the entire cyber threat lifecycle. Using artificial intelligence, specifically machine learning and integrated automation systems, they help businesses anticipate, protect, withstand, and recover from attacks.