Statistics and polls show that residents of the United States are concerned about cybersecurity and a recent survey conducted late in 2021 illustrates this: The poll by The Pearson Institute and The Associated Press-NORC Center for Public Affairs Research shows that about 9 in 10 Americans are at least somewhat concerned about hacking that involves their personal information, financial institutions, government agencies or certain utilities. About two-thirds say they are very or extremely concerned.
The United States has often been a target for foreign adversaries, and the conflict in Ukraine has only heightened American awareness since that poll was taken. Canada has not generally inspired the same international antagonism. And while businesses and individuals in the United States are generally on heightened alert because of this, that is not always the case north of the border. As such, the Canadian Cybersecurity Centre is warning in a new report that complacency could lead to more attacks.
Weak spots create opportunity for hackers
“Weakness in one spot is a danger everywhere. Suppose hackers can breach a less fortified system at a Canadian company. In that case, they can sometimes move laterally into other systems and companies, so we need strong cybersecurity everywhere,” says Brandon Mason, a cybersecurity specialist in Seattle who consults with international companies.
According to the Canadian Cybersecurity Centre report, only 16 percent of Canadian respondents think it is “likely” that a cyber threat could compromise their personal information over the next year, and even less believe they are likely to be the victim of a cyber-attack causing the loss of files (seven percent), financial loss (six percent) or having their data held for ransom (four percent).
“This is concerning because the `it can’t happen to you’ mentality often means it will happen to you; hackers and cybercriminals know where the weak spots are,” Mason warns.
Consumers and businesses are alike when it comes to complacency
The Canadian Cybersecurity Centre report, though, shows that complacency is evident not only among Canadian consumers but also in businesses.
Some key findings:
- Only three in ten are worried about work disruptions or financial loss. Slightly fewer are apprehensive about the damage to the organization’s reputation due to a cyber threat or their company’s data being held for ransom.
- Under half are not concerned because they feel the threat to their type of company is very low.
- One in four have researched and taken steps to protect their business online. More than two-thirds of three business owners or managers report that their company has implemented password protection on all devices. Slightly fewer, but still more than half keep security software up to date on all machines, use password or user authentication for wireless and remote access, or back up information on all devices.
“This tells me there is a lot of room for MSPs to grow in the Canadian market. Most businesses have a thin IT bench and do not have the budget to invest heavily in it, but my experience is, if educated, they would hire it out, and that is where an MSP is well-positioned to be successful,” Mason advises.
According to the Canadian Cybersecurity Centre report, only half of Canadian business owners or managers believe that their organization would benefit from information containing guidelines for reacting to a cyberattack, a list of the types of threats that exist, and clues to look out for.
“This demonstrates that there is an untapped market in Canada for cybersecurity tools and expertise,” Mason points out.
According to the report, only two in five Canadian business owners feel they would benefit from information on steps to protect mobile devices in a public setting, best practices for employees on how to handle passwords, best practices for safe cloud computing, guidelines on the use of personal devices for work, resources on how to encrypt computers, tips on the type of software/hardware to make networks secure, guidelines to establish rules for safe email usage policies, best practices for the use of storage devices, or best practices on a clear internet usage policy.
“That is a very alarming statistic that shows me that Canadian businesses are very vulnerable,” Mason says.
A back-to-basics approach is needed
The Canadian Cybersecurity Centre recommends a back-to-basics approach to cybersecurity north of the border. The top five cybersecurity measures Canadian businesses have put into place, according to the report, are:
- Require Password Protection on All Devices
- Keep Security Software Updated on All Devices
- User a Password or User Authentication for Wireless and Remote Access
- Back-Up Information on All Devices
- Set Spam Filters
“These are basic steps to take, but they are easy to overlook in a country that hasn’t been particularly targeted,” Mason reports, adding that all businesses should take at least these basic steps and if they can’t, they should hire an MSP to do it for them.
“Think about living in a small town and how you might not lock your door at night like you would if you lived in the city. It’s not smart, but it’s understandable. Just like someone living in a rural, small town where everyone knows one another should still lock their door, Canadian companies need to lock their virtual doors, and MSPs can help,” Mason concludes.
Photo: max.ku / Shutterstock