Crown Jewels:

These are the organization’s most critical assets that must be protected to maintain operational continuity.

Your organization’s crown jewels can include but are not limited to:

• Client or citizen information

• Employee information

• Financial information

• Networks and systems required to operate

• Trade secrets

• Intellectual property

Cryptocurrency:

A digital asset, or currency. Strong encryption techniques are used to control how units of cryptocurrency are created and to verify transactions. Cryptocurrencies generally operate independently of a central bank, central authority or government. It can be exchanged for goods and services by those willing to accept it.

It's considered pseudo-anonymous. Every Bitcoin transaction is captured on the blockchain, which is a public ledger of transactions similar to what you would find in an accountant's office. It's an electronic record of every transaction, which includes details such as the amount sent and the addresses involved. But the owner's identity is never displayed. Many cyber criminals use cryptocurrency due to its pseudo-anonymity.

Cyber hygiene:

Refers to incorporating good cyber security habits or practices into your daily routine.

Adopt these habits to help you and your organization stay cyber safe:

1. Classify information with the appropriate sensitivity level, label and store it accordingly.

2. Disable your camera and location services when not in use. In most cell phones and laptops, this can be toggled off or on within your settings under privacy.

3. Clear your browser and delete cookies regularly. There are a variety of cookies, but in general a cookie is a small piece of data used to identify and track your visit to a website. In most cases cookies are harmless and improve your internet browsing experience. However, cookies can be used to hijack your browsing sessions and reveal information about you and the websites you visit, including banking and other sensitive information.

4. At the end of the day, properly log out of all applications and log out of your system/network.

5. Participate in safe browsing.Pay attention to system warnings and avoid untrusted websites.

6. Ensure all privacy and security settings are reviewed and enabled on all applications and social media platforms.

7. Be cautious about people you don’t know who may approach you online.

8. Avoid oversharing on social media platforms or websites. Many organizations have a policy that discusses who can share organizational information on social media. However, some do not. Avoid sharing organizational information on your personal social media accounts. It could be used against your organization and can put you at risk. Before you post it, ask yourself, could this information create a cyber security risk? For example, are you sharing information you might use in a passphrase one day?

9. Think before you click on any links or attachments. Only interact with emails or websites that you know are safe.

Denial of service (DoS):

These attacks occur when a threat actor attempts to overwhelm a system so that it no longer functions. Most networks have limited capacity (bandwidth). DoS attacks will send so much traffic to a network or website that it is overwhelmed. The target organization’s network and/or website may become incredibly slow or completely cease to function.

How to identify a DoS attack

DoS attacks are indicated by network services (including websites) becoming unexpectedly slower or unavailable. While there can be legitimate reasons for a web service to slow, there are some signs that the slowdown is due to a DoS attack:

• The change in service is unexpected

• There is an unnatural pattern to spikes in traffic, such as a spike every 15 minutes

What to do if you fall victim

If you think you have fallen victim of a DoS attack, follow the steps listed in section:

Malware:

Malicious software, commonly referred to as malware, is software and/or program code/instructions inserted into a system, usually covertly, with the intention of compromising one or more of confidentiality, integrity, or availability associated with the system or the data it processes. A cyber criminal may use malware to steal information or carry out malicious activities. Malware is an overarching term that encompasses more traditional virus, worm, and trojan software, as well as modern ransomware, droppers/payloads, rootkits, and sniffer/logger threats.

How do you get malware?

The two most common ways for malware to be installed on your device are by accidentally downloading it while trying to download legitimate software, or through a phishing attack. In both instances, there are easy steps to take to protect yourself.

How to protect yourself

• Be aware of downloads

• Be vigilant when downloading software, or documents. If you are downloading something from the internet, ensure that you go to legitimate sources. You may also be able to cryptographically validate the source of some software. Cyber criminals can make fake websites that look very convincing. Ensure you always check that the web address (URL) is accurate and look for spelling errors or incorrect logos before downloading anything.

• Avoid phishing attacks

• Learn more about phishing attacks and how to avoid them.

• Install anti-malware software

• Install and use reputable anti-malware software. Ensure it is set up to automatically scan other software and documents before they are downloaded to your computer. You can also set it up to scan your device at regular intervals.

Multi-factor authentication (MFA):

Authentication using two or more authentication factors. In other words, two or more pieces of evidence – your credentials – are required when logging into an account.

These credentials (or factors) fall into three categories:

• Something you know, like a password or PIN

• Something you have, like a token or an authenticator app on your mobile phone

• Something you are, as represented by a fingerprint or face scan

Two-factor authentication (2FA) is a form of multi-factor authentication. These terms are often used synonymously.

To be considered MFA, each authentication factor must be from a different category.

Why use multi-factor authentication

Multi-factor authentication is proven to help you, your office network and the enterprise stay safer.

Multi-factor authentication is just as helpful in your non-work life. Service providers, includes banking institutions and the Canada Revenue Agency, encourage you to set up MFA.

While it is not possible to stop all cybercrime, MFA does significantly reduce your chances of being a victim. Your information is safer because hackers would need all your authentication factors in order to log in as you. As some services offer a reset ability to regain access even to MFA-protected accounts, continue to exercise caution regarding unusual activity, unexpected changes to your account or the associated credentials, or access attempts.

Phishing:

Phishing is the most common form of social engineering attack.

Phishing occurs when a threat actor impersonates a trusted entity through email to try and fraudulently obtain personal information, financial information or access to systems. The email prompts the targeted individual to act. The action could be to click on a link, provide information, open an attachment, download a file, or provide remote access to a workstation. This action provides the threat actor with information or access to a system.

Phishing uses email to solicit your information by posing as a trustworthy person or entity. For example, the threat actor may send emails disguised as your boss or a financial institution requesting your account information.

The threat actor will use this information to gain access to your online accounts. Once the threat actor has access to your accounts, they may use this access to carry out a larger cyber attack.

How to spot a phishing attack

There are ways to detect these types of attack. Here are some common indicators:

• The communication is from an unknown user, organization, or domain name.

• The communication seemingly comes from someone within an organization, but with a non-organizational domain name. For example, your director is emailing you from an @gmail account.

• The correspondence expresses an unusual level of urgency.

• The content contains errors such as misspelled names, misused organizational terms or titles, or misrepresented or misplaced logos.

• The communication is unsolicited and asks you to do something.

• The tone, content or wording is inconsistent with what would be expected.

• The email has attachments with unusual file names or links with an unusual URL. Roll over: Uniform Resource Locator – commonly referred to as a web address, a URL is the specific location of a networked piece of technology on a network, such as a computer, router, or database.

• The offer seems too good to be true.

• The request is driven by a motivation such as financial benefit or another benefit.

You should always be vigilant and watch for these indicators. However just because a communication has one of these indicators doesn’t mean that it is an attack.

If you are suspicious, confirm the request with the sender prior to taking any action requested in the message. If you don’t recognize the sender or their email address doesn’t match their name, report the message.

What to do if you receive a suspected phishing email

Follow the steps for responding to a social engineering attack.
Additionally, follow your organization’s protocol for reporting phishing attacks.

What to do if you fall victim to a phishing email

If you think that you may have been the victim of phishing, follow these steps in this section:

Ransomware:

Ransomware is a type of malware that makes data inaccessible. When ransomware infects a device, it will either lock your screen or encrypt all your files. It may be contained to a single device but can also make the data of an entire organization inaccessible. Once the files are inaccessible the threat actor will send you a message indicating the ransom that must be paid in order to regain access to your files. This payment is typically requested in cryptocurrency as it is harder to track. The threat actor may also threaten to leak private information or threaten your clients directly if you do not pay right away.

How to protect yourself

A cyber criminal must be able to gain access to your system prior to initiating a ransomware attack. Follow these best practices to keep cyber criminals out of your systems and devices.

It is important to back up your data regularly. You can back up your data on an external hard drive or on the cloud. If your data is encrypted by a ransomware attack, you can recover your data by using your backup.

What to do if you fall victim

If you think that you may have been the victim of a ransomware attack, take these steps:

1. Tell your organization’s cyber security team.

2. Remove the malware from your device(s). If you are unable to do so yourself, get assistance from a cyber security professional.

3. Restore your systems with your data backup.

4. Change all passwords to online accounts.

Double- and triple-extortion ransomware

Traditional ransomware attacks only demand payment to decrypt the files. Recent ransomware attacks are more complex. In double-extortion ransomware attacks, the threat actors demand a ransom and threaten to leak private information. In triple-extortion ransomware attacks, the threat actor demands a ransom payment, threatens to leak private information, and sends ransom demands to the users or customers of the impacted institution.

Single sign-on:

A system where an individual can use a single set of login credentials (e.g., username and password) to access multiple services. For example, you could use one set of login credentials to access both your email and another application such as a collaboration tool.

Social Engineering:

Social engineering is the use of deception to exploit human nature, our habits and our trust to gain information or access information systems. Threat actors attempt to drive desired behaviour through fear including fear of missing out, intimidation, coercion, urgency, opportunity or even befriending the user.

Information sought by threat actors for fraudulent purposes can include:

• Confidential information, such as passwords and login credentials

• Personal information, such as bank information

How is it successful?

Social engineering attacks are successful because they exploit human nature while skirting typical cyber security defences.

These attacks are particularly insidious because they are stealthy and are often well established before becoming apparent.

Threat actors do their homework. They target people who are less likely to check before taking the requested action. In other words, they target people who are easier to manipulate.

Are you an easy target? If you receive an email from a leader in your organization asking you to complete a task quickly, would you take the time to scan the message for signs of a social engineering attack? And would you feel comfortable following up to confirm the authenticity of the request before taking any other action?

The threat actor is looking to collect enough information to infiltrate an organization's network or your financial accounts.

To be successful, the cyber threat actor merely needs to get the individual to do what is requested of them. Unfortunately, because these attacks rely on our curiosity, insecurity or trust to gain access, they tend to be very successful.

Social engineering tactics

Knowing how threat actors can use you to gain access to information and systems is critical.

Tactics and techniques used in social engineering attacks include:

• Pre-texting – Crafting a scenario, or pretext, to increase the likelihood that the target will engage in the desired behaviour.

• Phishing – Simulating a legitimate email communication that lures individuals into providing information, with email as the attack vector.

• Smishing – A form of phishing, with SMS/text messaging as the attack vector.

• Vishing– A form of phishing, using voice phone calls as the attack vector.

• Spear-phishing or targeted phishing – Specifically targeting a useful or high-value individual with a phishing attack.

• Water holing – Gathering information about regularly visited websites and finding vulnerabilities within these websites that can be used to launch malware against individuals who visit, thereby providing a pathway into organizational systems.

• Baiting – Using media storage devices that contain malware that can infect the systems of users, such as leaving malicious USB thumb drives near the target organization’s office.