Recently, the Canadian Centre for Cyber Security published its National Cyber Threat Assessment to detail its analysis of current cyber threats to Canada and Canadians. Part of this assessment examines the biggest cyber threats to Canadian businesses in 2019. These threats can lead to financial losses, damages to the organization’s reputation, loss of productivity, theft of intellectual property and disruptions to operations. Below are the six key cyber security threats for Canadian businesses to be mindful of in 2019.
Targeting Business Executives
One common tactic among cyber criminals is to target high-profile employees who have privileged access to company funds and resources. The criminals will send an email that appears to come from an employee or department to an executive asking to deposit funds into the criminal’s bank account. This technique is known as whaling, and depends on exploiting predictable human behaviour to obtain otherwise secure resources or information.
Exploiting Retail Technology
Another tactic for cyber criminals is to target retail technology that has out-of-date security. By installing malware on point-of-sale devices, cyber criminals may be able to steal private customer information, make fraudulent purchases, manipulate prices and find other ways to disrupt the business. Once cyber criminals have stolen credit card numbers, they often sell them cheaply to others who can recreate the stolen cards for use elsewhere.
Stealing Customer and Client Data
Cyber criminals will often target databases with large quantities of personal information such as names, addresses, phone numbers, financial details and employment information. Criminals will steal and either sell or use this information to conduct further targeted attacks on groups or individuals. In some cases, cyber criminals will also use this information to extort businesses, threatening to expose private information in exchange for paying a sizeable ransom.
Cyber criminals may target commercial information such as intellectual property with the goal of undercutting competition or gaining a better position in business negotiations. This threat is greater for Canadian businesses in strategic sectors of the economy, and especially for businesses that operate abroad. Legislation and technology in other countries may allow their police or security to access data that is stored in their country to undercut Canada’s strategic position in global markets.
Supply Chain Compromises
Because supply chains can be incredibly complex and distributed across the world, they are prime targets for cyber criminals. Because many businesses are independent, the supply chain is only as secure as its least secure link, allowing criminals the opportunity to compromise a device or component before it is connected to a secured network.
Managed Service Providers
Since managed service providers tend to have extensive access to the networks of many clients, they are high-value targets for cyber criminals. Cyber criminals who gain access to a managed service provider simultaneously gain access to many or all of their clients’ networks and digital property.