Category: Security

7 Simple Tips to Boost Your Small Business’s Cybersecurity

7 Simple Tips to Boost Your Small Business’s Cybersecurity

Information Security, Security
7 Simple Tips to Boost Your Small Business's Cybersecurity Effective cybersecurity should be a priority for every small business today when more than 70% of cyber-attacks are targeted at them. Hackers know they have less money to invest in state-of-the-art measures like bigger companies do, so they’re easier prey. Sadly, cyber-attacks can have devastating results. More than one-fifth of companies in Canada have been affected by cybersecurity incidents that disrupted their operations, and employees were unable to use key resources or services (computers, email) in over 50% of these cases. But implementing solid cybersecurity measures to protect your small business can be difficult if you’re not sure where to start or you don’t know how to make the best of the limited resources available. In this post, we’ll explore 7…
Read More
8 Common Cybersecurity Threats to Watch Out For

8 Common Cybersecurity Threats to Watch Out For

Security
8 common cybersecurity threats to watch out for 2020 has been a strange year, to say the very least. But despite Covid-19 throwing the world into disarray, hackers have shown no signs of slowing down — some even took advantage of the pandemic to exploit targets. In October, it was reported that more than a quarter of Canadian organizations surveyed had been affected by Covid-19-themed attacks. The Minister of National Defence, Honourable Harjit Sajjan, actually stated that “cyber security has never been more important, as more and more of our business and personal activities move online.” Scott Jones of the Canadian Centre for Cyber Security, reinforced these sentiments: “From cybercriminals holding our personal information for ransom, to state-sponsored actors threatening our critical infrastructure, the cyber threats Canadians face are increasing…
Read More
6 Common Cybersecurity Mistakes Businesses Make

6 Common Cybersecurity Mistakes Businesses Make

Security
6 Common Cybersecurity Mistakes Businesses Make Does your business have effective safeguards in place to protect it from cyberattacks? Sadly, for too many Canadian companies, the answer would be “no”. Research shows 70 percent of small businesses are unprepared for a cyber attack, and more than half of small businesses have no intention of investing in cybersecurity training for staff in the near future either. And that’s a major problem when there are so many cybersecurity risks to contend with today, each bringing a real risk of financial loss. For example, ransomware (one of the most common types of cyberattack in Canada) costs companies an average of around $65,700 in losses through unexpected downtime. No company can afford to take its IT security for granted when even the smallest oversight…
Read More
Canada, Together with Other Countries, Issues Advisory Aimed at Helping Organizations Protect Themselves Online

Canada, Together with Other Countries, Issues Advisory Aimed at Helping Organizations Protect Themselves Online

Information Security
Canada, Together with Other Countries, Issues Advisory Aimed at Helping Organizations Protect Themselves Online Canada joins four other countries, Australia, New Zealand, UK and the US, in issuing a joint technical advisory that details approaches for organizations to stay safe from malicious cyber actors. The advisory called “Technical Approaches to Uncovering and Remediating Malicious Activity” highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. The following are the highlights of the joint advisory: Uncovering Malicious Activity To uncover malicious activity, the advisory recommends to organizations to conduct the following: 1. Indicators of compromise (IOC) Search IOC search refers to the hunt of an artifact – referring to any element of a software – on the network or in an operating system that suggests with…
Read More
Healthcare & Essential Services Involved in COVID-19 Response Targeted by Threat Groups

Healthcare & Essential Services Involved in COVID-19 Response Targeted by Threat Groups

IT Support, Security
Healthcare & Essential Services Involved in COVID-19 Response Targeted by Threat Groups The national cybersecurity agencies in two countries, the UK and the US, recently issued a joint alert warning that threat actors are targeting healthcare and essential services involved in the response to COVID-19. In a joint alert, the United Kingdom’s National Cyber Security Centre (NCSC) and United State’s Cybersecurity and Infrastructure Security Agency (CISA) warned that advanced persistent threat (APT) groups are targeting organizations involved in both national and international COVID-19 responses, including healthcare bodies, pharmaceutical companies, academia, medical research organizations and local governments. APT groups refer to malicious actors, typically nation-state or state-sponsored, whose sole purpose is to gain access to victims’ computer networks and remain there undetected for an extended period. According to NCSC and CISA,…
Read More
Cybersecurity Considerations When Video-Teleconferencing

Cybersecurity Considerations When Video-Teleconferencing

Information Security
Cybersecurity Considerations When Video-Teleconferencing As the COVID-19 crisis fast-forward the work-from-home and study-from-home adoption, many are increasingly using the video-teleconferencing platform. This platform, however, has become the new target by cybercriminals. What Is Video-Teleconferencing? Video-teleconferencing, also known as VTC, is a technology that allows two or more people in different geographic locations to conduct meetings or online classes in real-time by using simultaneous audio and video transmission. Video-teleconferencing is often confused with Voice over Internet Protocol (VoIP). The reason why video-teleconferencing is often confused with VoIP is that video-teleconferencing is often an integral part of a VoIP system. VoIP, which serves as a foundation of unified communications, includes not just video-teleconferencing service, but also voice and instant messaging services. Microsoft’s Skype, Google’s Duo and Zoom are examples of video-teleconferencing software…
Read More
Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Information Security
Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company A recently published decision by the High Court of Business and Property, a division of the High Court of England and Wales, revealed that the attacker or attackers behind the ransomware attack on a Canadian insurance company were paid nearly a million U.S. dollars. The ransomware attack at a Canadian insurance company and the issuing ransom payment, which were hidden from the public, only surfaced after the insurer of the Canadian insurance company, an insurance company based in the UK, filed a case in court to recover the ransom paid to the attackers. Ransomware is a type of malicious software (malware) that encrypts victims’ computers or data, locking out legitimate users from accessing these computers or…
Read More
Canadian Centre for Cyber Security Recommends Disconnecting Vulnerable Citrix Devices from the Internet

Canadian Centre for Cyber Security Recommends Disconnecting Vulnerable Citrix Devices from the Internet

Information Security, IT Support
Canadian Centre for Cyber Security Recommends Disconnecting Vulnerable Citrix Devices from the Internet The Canadian Centre for Cyber Security has issued a security alert, advising Canadian organizations to disconnect their Citrix devices from the internet to prevent cyber-attacks. According to the Canadian Centre for Cyber Security, ongoing exploitation of the security vulnerability in Citrix devices officially designated as CVE-2019-19781 has been observed within Canada. The security vulnerability in Citrix devices allows an attacker to gain direct access to an organization’s local network from the internet. In exploiting this vulnerability, an attacker doesn’t need access to any accounts. As such, exploitation can be performed by any attacker. Citrix, for its part, said that CVE-2019-19781, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution. This vulnerability is rated Critical,…
Read More
300 Employees Lost Jobs Following a Botched Ransomware Recovery Process

300 Employees Lost Jobs Following a Botched Ransomware Recovery Process

Data Backup, Information Security
300 Employees Lost Jobs Following a Botched Ransomware Recovery Process More than 300 employees of The Heritage Company, an Arkansas-based telemarketing company, lost their jobs following a botched ransomware data recovery process. Just a few days before Christmas, Sandra Franecke, Owner and CEO of The Heritage Company, informed the more than 300 employees of the company that in October last year, the company’s servers were “attacked by malicious software that basically ‘held us hostage for ransom’ and we were forced to pay the crooks to get the ‘key’ just to get our systems back up and running”. While not naming the attack as ransomware attack, the attack described by the owner and CEO of The Heritage Company is typical of a ransomware attack – a type of cyber-attack that uses…
Read More
How to Protect Your Organization’s Network from Complex and Evolving Malware

How to Protect Your Organization’s Network from Complex and Evolving Malware

Information Security, News
How to Protect Your Organization’s Network from Complex and Evolving Malware Microsoft recently reported about Dexphot, an evolving malware (malicious software) that exhibits a level of complexity and evolution aimed at evading traditional security protections and flying under the radar of cyber defenders. Microsoft, in its latest blog post “Insights from one year of tracking a polymorphic threat” reported that it first detected Dexphot in October 2018. On June 18, 2019 alone, the report said, computers infected by this malware reached 80,000. According to Microsoft, while Dexphot won’t attract media attention as this malware’s goal is simply to steal the infected computers’ computing power for cryptocurrency mining to raise revenue for the attackers, this malware “exemplifies the level of complexity and rate of evolution of even everyday threats, intent on…
Read More

Category: Security

7 Simple Tips to Boost Your Small Business’s Cybersecurity

7 Simple Tips to Boost Your Small Business’s Cybersecurity

Information Security, Security
7 Simple Tips to Boost Your Small Business's Cybersecurity Effective cybersecurity should be a priority for every small business today when more than 70% of cyber-attacks are targeted at them. Hackers know they have less money to invest in state-of-the-art measures like bigger companies do, so they’re easier prey. Sadly, cyber-attacks can have devastating results. More than one-fifth of companies in Canada have been affected by cybersecurity incidents that disrupted their operations, and employees were unable to use key resources or services (computers, email) in over 50% of these cases. But implementing solid cybersecurity measures to protect your small business can be difficult if you’re not sure where to start or you don’t know how to make the best of the limited resources available. In this post, we’ll explore 7…
Read More
8 Common Cybersecurity Threats to Watch Out For

8 Common Cybersecurity Threats to Watch Out For

Security
8 common cybersecurity threats to watch out for 2020 has been a strange year, to say the very least. But despite Covid-19 throwing the world into disarray, hackers have shown no signs of slowing down — some even took advantage of the pandemic to exploit targets. In October, it was reported that more than a quarter of Canadian organizations surveyed had been affected by Covid-19-themed attacks. The Minister of National Defence, Honourable Harjit Sajjan, actually stated that “cyber security has never been more important, as more and more of our business and personal activities move online.” Scott Jones of the Canadian Centre for Cyber Security, reinforced these sentiments: “From cybercriminals holding our personal information for ransom, to state-sponsored actors threatening our critical infrastructure, the cyber threats Canadians face are increasing…
Read More
6 Common Cybersecurity Mistakes Businesses Make

6 Common Cybersecurity Mistakes Businesses Make

Security
6 Common Cybersecurity Mistakes Businesses Make Does your business have effective safeguards in place to protect it from cyberattacks? Sadly, for too many Canadian companies, the answer would be “no”. Research shows 70 percent of small businesses are unprepared for a cyber attack, and more than half of small businesses have no intention of investing in cybersecurity training for staff in the near future either. And that’s a major problem when there are so many cybersecurity risks to contend with today, each bringing a real risk of financial loss. For example, ransomware (one of the most common types of cyberattack in Canada) costs companies an average of around $65,700 in losses through unexpected downtime. No company can afford to take its IT security for granted when even the smallest oversight…
Read More
Canada, Together with Other Countries, Issues Advisory Aimed at Helping Organizations Protect Themselves Online

Canada, Together with Other Countries, Issues Advisory Aimed at Helping Organizations Protect Themselves Online

Information Security
Canada, Together with Other Countries, Issues Advisory Aimed at Helping Organizations Protect Themselves Online Canada joins four other countries, Australia, New Zealand, UK and the US, in issuing a joint technical advisory that details approaches for organizations to stay safe from malicious cyber actors. The advisory called “Technical Approaches to Uncovering and Remediating Malicious Activity” highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. The following are the highlights of the joint advisory: Uncovering Malicious Activity To uncover malicious activity, the advisory recommends to organizations to conduct the following: 1. Indicators of compromise (IOC) Search IOC search refers to the hunt of an artifact – referring to any element of a software – on the network or in an operating system that suggests with…
Read More
Healthcare & Essential Services Involved in COVID-19 Response Targeted by Threat Groups

Healthcare & Essential Services Involved in COVID-19 Response Targeted by Threat Groups

IT Support, Security
Healthcare & Essential Services Involved in COVID-19 Response Targeted by Threat Groups The national cybersecurity agencies in two countries, the UK and the US, recently issued a joint alert warning that threat actors are targeting healthcare and essential services involved in the response to COVID-19. In a joint alert, the United Kingdom’s National Cyber Security Centre (NCSC) and United State’s Cybersecurity and Infrastructure Security Agency (CISA) warned that advanced persistent threat (APT) groups are targeting organizations involved in both national and international COVID-19 responses, including healthcare bodies, pharmaceutical companies, academia, medical research organizations and local governments. APT groups refer to malicious actors, typically nation-state or state-sponsored, whose sole purpose is to gain access to victims’ computer networks and remain there undetected for an extended period. According to NCSC and CISA,…
Read More
Cybersecurity Considerations When Video-Teleconferencing

Cybersecurity Considerations When Video-Teleconferencing

Information Security
Cybersecurity Considerations When Video-Teleconferencing As the COVID-19 crisis fast-forward the work-from-home and study-from-home adoption, many are increasingly using the video-teleconferencing platform. This platform, however, has become the new target by cybercriminals. What Is Video-Teleconferencing? Video-teleconferencing, also known as VTC, is a technology that allows two or more people in different geographic locations to conduct meetings or online classes in real-time by using simultaneous audio and video transmission. Video-teleconferencing is often confused with Voice over Internet Protocol (VoIP). The reason why video-teleconferencing is often confused with VoIP is that video-teleconferencing is often an integral part of a VoIP system. VoIP, which serves as a foundation of unified communications, includes not just video-teleconferencing service, but also voice and instant messaging services. Microsoft’s Skype, Google’s Duo and Zoom are examples of video-teleconferencing software…
Read More
Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Information Security
Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company A recently published decision by the High Court of Business and Property, a division of the High Court of England and Wales, revealed that the attacker or attackers behind the ransomware attack on a Canadian insurance company were paid nearly a million U.S. dollars. The ransomware attack at a Canadian insurance company and the issuing ransom payment, which were hidden from the public, only surfaced after the insurer of the Canadian insurance company, an insurance company based in the UK, filed a case in court to recover the ransom paid to the attackers. Ransomware is a type of malicious software (malware) that encrypts victims’ computers or data, locking out legitimate users from accessing these computers or…
Read More
Canadian Centre for Cyber Security Recommends Disconnecting Vulnerable Citrix Devices from the Internet

Canadian Centre for Cyber Security Recommends Disconnecting Vulnerable Citrix Devices from the Internet

Information Security, IT Support
Canadian Centre for Cyber Security Recommends Disconnecting Vulnerable Citrix Devices from the Internet The Canadian Centre for Cyber Security has issued a security alert, advising Canadian organizations to disconnect their Citrix devices from the internet to prevent cyber-attacks. According to the Canadian Centre for Cyber Security, ongoing exploitation of the security vulnerability in Citrix devices officially designated as CVE-2019-19781 has been observed within Canada. The security vulnerability in Citrix devices allows an attacker to gain direct access to an organization’s local network from the internet. In exploiting this vulnerability, an attacker doesn’t need access to any accounts. As such, exploitation can be performed by any attacker. Citrix, for its part, said that CVE-2019-19781, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution. This vulnerability is rated Critical,…
Read More
300 Employees Lost Jobs Following a Botched Ransomware Recovery Process

300 Employees Lost Jobs Following a Botched Ransomware Recovery Process

Data Backup, Information Security
300 Employees Lost Jobs Following a Botched Ransomware Recovery Process More than 300 employees of The Heritage Company, an Arkansas-based telemarketing company, lost their jobs following a botched ransomware data recovery process. Just a few days before Christmas, Sandra Franecke, Owner and CEO of The Heritage Company, informed the more than 300 employees of the company that in October last year, the company’s servers were “attacked by malicious software that basically ‘held us hostage for ransom’ and we were forced to pay the crooks to get the ‘key’ just to get our systems back up and running”. While not naming the attack as ransomware attack, the attack described by the owner and CEO of The Heritage Company is typical of a ransomware attack – a type of cyber-attack that uses…
Read More
How to Protect Your Organization’s Network from Complex and Evolving Malware

How to Protect Your Organization’s Network from Complex and Evolving Malware

Information Security, News
How to Protect Your Organization’s Network from Complex and Evolving Malware Microsoft recently reported about Dexphot, an evolving malware (malicious software) that exhibits a level of complexity and evolution aimed at evading traditional security protections and flying under the radar of cyber defenders. Microsoft, in its latest blog post “Insights from one year of tracking a polymorphic threat” reported that it first detected Dexphot in October 2018. On June 18, 2019 alone, the report said, computers infected by this malware reached 80,000. According to Microsoft, while Dexphot won’t attract media attention as this malware’s goal is simply to steal the infected computers’ computing power for cryptocurrency mining to raise revenue for the attackers, this malware “exemplifies the level of complexity and rate of evolution of even everyday threats, intent on…
Read More