The Weakest Link
Over the last few decades, dependence on digital technologies and services has risen across the globe, and with it the opportunities for cyber attacks. Did you know that in 2019, approximately one-fifth of Canadian businesses claimed they had been impacted by cybersecurity incidents? Cyber attacks have also become more sophisticated, relying on techniques that target specific employees and organizations. Many of these attacks are perpetrated by orchestrated groups of actors, sometimes sponsored by states.
The COVID-19 pandemic has only exacerbated these issues. Millions of Canadians had to immediately transition to working from home without the proper security safeguards in place. This increased the vulnerability of individuals and private companies and gave threat actors a greater ability to conduct cyber attacks.
Cyber attacks can have drastic consequences for the businesses and individuals that they target. In 2020, it was reported that the average cost of a data breach for Canadian companies was $4.50 million (USD). In 2017, approximately half of the companies that reported a cyber attack were unable to perform their day-to-day work. As a result, many businesses have begun to implement cybersecurity measures like anti-malware software and network security to help protect their information.
However, it is not only businesses and individuals that are the targets of these cyber attacks. In 2021, cyber attacks against governments around the world became more common, rising 47% according to Forbes. Canada overall loses $3.12 billion per year to cybersecurity and data breaches. Cyber attacks can greatly impact the security of the information and infrastructure of these governments. As cyber attacks become more common and increasingly costly (both in terms of monetary loss and reputational damage), it is essential that businesses, individuals, and governments work together to create solutions that protect their society.
While cyber attacks might at first appear to be a technical problem with only technical solutions, they have a critical human component. Whether it be clicking on unsafe links, not employing proper password hygiene, or unknowingly sharing private company information, humans are often regarded as the weakest link when it comes to an organization's cyber security. According to a study conducted by IBM, human error is the primary cause of 95% of cyber security breaches. Therefore, it is essential that organizations take the time to teach their employees about the best practices for cybersecurity. For an organization to be truly cyber safe, it must incorporate the human element of cyber security.
Participating in Cyber Security Awareness Month is a great first step – it will teach you what cyber security means, why it is important, and what steps you can take to help keep your information, and the information of your organization, safe. Follow along over the next four weeks with our videos and games to learn more about online reconnaissance, social engineering, password hygiene, ransomware, and what you can do to help combat these cyber threats. Participants will have the chance to win one of several prizes.
For more information on how to be cyber safe, check out: Resources - Cyber Security Ontario.
The Power and Pitfalls of Social Media
Employees have a critical role to play in maintaining the cyber security of their organizations. Human error is one of the most common ways threat actors can target a company. During the first week of Cyber Security Awareness Month, you will learn more about what online reconnaissance is, how threat actors can perform online reconnaissance, and the impacts it can have on an individual or organization.
Online reconnaissance is the practice of covertly collecting as much information as possible about a target system with the intention of gathering enough information to perform a cyber attack. Often, the first step in reconnaissance is engaging in open-source intelligence gathering, otherwise known as OSINT. This practice involves collecting information from publicly available sources, such as social media and news outlets. Threat actors can use this publicly available information to learn more about an individual or organization and form the basis for a targeted cyber attack.
What you post online can reveal a lot about yourself – and your organization. Social media accounts are a valuable way for hackers to conduct open-source intelligence gathering. Employees need to be mindful of what they post on social media and other online platforms. While social media is a powerful tool for individuals and organizations to connect with the public and share information, it can also become dangerous when proper information sharing protocols are not established or followed.
Here are some ways to help keep your own information, and that of your company, safe:
- Keep your social media accounts private and only accept requests from people you know.
- Do not post information online that is related to your personal account security questions or the security of your company. Avoid sharing organizational information on your personal social media accounts that could be used against your organization and could put you at risk. Before you post it, ask yourself, could this information create a potential cyber security risk? For example, are you sharing information you might use in a password?
- Check to see what different apps request permission to, such as your camera, microphone, and location, and determine if they are justified. If they seem excessive, it's better to opt for a less intrusive option.
- Enable multi-factor authentication on your social media accounts. This requires two or more authentication factors when logging into your accounts, which enhances your security and reduces the likelihood of a threat actor being able to break into your account.
Phishing, Smishing, and Vishing, Oh My!
Phishing is the most common type of cybercrime in Canada. In Canada, 34% of people have knowingly received a phishing attack since the beginning of the pandemic, and many more may have received them without being aware of it. Phishing is successful because it only requires that victims make one mistake. Opening one malicious attachment or clicking on a single dangerous link can provide the threat actor access to your computer or to sensitive information. Once threat actors have gained access to your device, they can start to spread malware throughout an entire network or exfiltrate data from secure locations. Therefore, it is essential that individuals learn more about different phishing tactics and how to spot them so they can help keep their information, and that of their organizations, safe.
Trends in Phishing
Threat actors continue to develop new and better phishing techniques. Recently, there has been a rise in linkless phishing, spear phishing, and pharming. Linkless phishing is a style of phishing that directs you to a malicious website without your clicking on a link. Instead, the malicious website is attached as an HTML file to the phishing email, and the email prompts the receiver to open the attachment. Because there is no link, users cannot inspect it in advance for a fake or suspicious domain name. Opening the file launches a window that appears to be a local file and prompts the receiver to share information such as log-in credentials.
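The linkless phishing pattern described above has a simple mail-gateway signature: an HTML file delivered as an attachment. The following is an added example (not code from Cyber Security Ontario) that flags such attachments in a raw message, including ones relabelled as a generic binary type; the sample message is constructed for the demonstration.

```python
# Added example: flag the "linkless phishing" pattern (an HTML lure attached to
# the email) at a mail gateway. Not from the original page; sample data is constructed.
import email
from email import policy
from email.message import EmailMessage

HTML_EXTENSIONS = (".html", ".htm", ".shtml", ".xhtml")


def find_html_attachments(raw_message: str) -> list[str]:
    """Return the file names of every HTML attachment in a raw RFC 822 message.

    Two signals are checked: a text/html part delivered with an attachment
    disposition, and any attachment whose name ends in an HTML extension even if
    the sender declared it as application/octet-stream to evade naive filters.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = part.get_filename() or ""
        is_attachment = part.get_content_disposition() == "attachment"
        looks_html = (part.get_content_type() == "text/html" and is_attachment) \
            or name.lower().endswith(HTML_EXTENSIONS)
        if looks_html:
            found.append(name or "<unnamed text/html attachment>")
    return found


def build_sample(attach_html: bool) -> str:
    """Build a constructed test message; with attach_html=True it mimics the lure."""
    msg = EmailMessage()
    msg["From"] = "payroll@example.test"   # constructed addresses
    msg["To"] = "employee@example.test"
    msg["Subject"] = "Updated payslip"
    msg.set_content("Your payslip is attached. Open it to view the details.")
    if attach_html:
        # Declared as a generic binary type, as a lure might be, but named .html
        msg.add_attachment(b"<html><form>...</form></html>", maintype="application",
                           subtype="octet-stream", filename="payslip.html")
    return msg.as_string()


if __name__ == "__main__":
    for suspicious in (False, True):
        print(f"HTML attachments: {find_html_attachments(build_sample(suspicious))}")
```

A gateway rule built on this check would quarantine or strip the part rather than delete the message, so that false positives (legitimately shared HTML reports) can be released by an administrator.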
Spear phishing
Spear phishing is a style of phishing that narrows in on specific groups or individuals. It is smaller in scale than the mass mailing typically associated with regular phishing. Before initiating the attack, the threat actor researches the targeted individual, and the attack is then tailored to be effective against that specific target. It should be noted that spear phishing lures are typically more dangerous and effective than other phishing attacks because of the time spent making them appear realistic and legitimate.
Pharming
Pharming is a type of phishing that redirects targets from legitimate internet sites to fake, “spoofed” websites without them knowing. The fake website will attempt to gain the target's personally identifiable information and log-in credentials (including passwords) or will attempt to install malware on the target's computer without their knowledge. Once a threat actor has access to one's computer, they can spread the malicious software throughout entire networks. This gives them the opportunity to redirect hundreds of individuals to malicious websites.
Conclusion
Employees have a vital role to play in defending their organizations against the threat of cyber attacks, including phishing. Join us in participating in this week's Cyber Security Awareness Month activities to learn more about phishing and social engineering and how to stay cyber safe.
For more information about social engineering, check out our Knowledge Library (cybersecurityontario.ca).
The Power of Passwords
Passwords are pervasive. Whether it be for your cellphone, social media accounts, banking information, or streaming services, most aspects of our day-to-day lives require some sort of password.
However, with each device and account requiring a unique password, it can be challenging to remember them all. As a result, many people reuse passwords, choose simple passwords, or do not properly safeguard their passwords. While simplicity may make passwords easier to remember, this is a dangerous habit. In fact, it is estimated that 80% of successful breaches are due to compromised credentials.
How passwords are compromised
One common way that passwords and other login credentials can be compromised is from a data breach. Through a variety of methods, such as ransomware, a threat actor can access the login details of as many users as possible. Threat actors may upload this information to the dark web for other threat actors to access. If a victim of a data breach uses the same login credentials for other accounts, it places their information on these other accounts at risk.
Credentials can also be compromised through a phishing attack that urges a user to input a password or login information. Once a threat actor has your login credentials, they can prevent you from gaining access to your own accounts and can try to gain access to your other accounts.
Passwords are also compromised through brute-force attacks. Threat actors attempt to crack someone's password “by trying every possible combination of letters, numbers, and symbols” until something works. The simpler someone's password is, the easier it is to crack it during these attacks.
Finally, passwords can simply be stolen when people leave them out for anyone to see, such as on a sticky note on their work desk. Reusing passwords, or using easy-to-guess passwords, puts not only your information and access to services at risk, but that of your organization as well. If a password that you use for multiple accounts is compromised, threat actors can access (or sell access to) your other accounts and potentially your organization's information.
How to keep passwords and credentials safe
Protect yourself by taking steps to keep your credentials and accounts safe:
- Use strong passwords and make them unique - avoid reusing passwords.
- Consider using passphrases instead of passwords. A passphrase is the same as a password but consists of a sequence of words or other text that a user can more easily memorize. A passphrase is typically longer than a password, for added security.
- Use multi-factor authentication. Multi-factor authentication is the process of using two or more authentication factors to be able to gain access to an account. Using multiple credentials makes it harder for threat actors to access your accounts.
- Do not write down your passwords where other people can easily access them, and do not share any of your passwords with family, friends, or coworkers.
- Do not use the 'remember password' or 'remember me' function for systems, services, or software. This makes it easier for people to access your private information.
- Be suspicious of unsolicited phone calls, text messages, or emails from individuals or institutions asking for personal or business-related information.
- Keep social media accounts private and only accept requests from people you know. Information you post online can reveal answers to personal account security questions.
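To put numbers on the brute-force attack described under "How passwords are compromised" and on the passphrase advice above, here is an added example (not from Cyber Security Ontario) that sizes the search space of a character password against that of a multi-word passphrase. The guess rate is an assumed figure for an offline attack on a fast hash, and the 7776-word list size is a common diceware-style list.

```python
# Added example: compare the brute-force search space of a short "complex"
# password with a randomly chosen multi-word passphrase. Not from the original
# page; the guess rate and wordlist size are assumptions stated in the lead-in.
import math
import string

ASSUMED_GUESSES_PER_SECOND = 1e10   # assumption: offline cracking of a fast, unsalted hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600
CHARACTER_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation)


def charset_size(password: str) -> int:
    """Alphabet the attacker must cover: the union of standard classes present."""
    return sum(len(cls) for cls in CHARACTER_CLASSES if any(c in cls for c in password))


def password_bits(password: str) -> float:
    """Search space, in bits, for trying every combination of the password's
    character classes at its length (an empty password has no space to search)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Search space for word_count words drawn at random from a public wordlist.
    The attacker is assumed to know the list, so only the selection is secret."""
    return word_count * math.log2(wordlist_size)


def years_to_exhaust(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years needed to try the whole space at the assumed guess rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed comparison: an 8-character password using all four classes
    # versus six words from a 7776-word list.
    for label, bits in (("P@ssw0rd", password_bits("P@ssw0rd")),
                        ("6-word passphrase", passphrase_bits(6, 7776))):
        print(f"{label:20s} {bits:6.1f} bits  ~{years_to_exhaust(bits):.2e} years")
```

The character-class estimate is an upper bound: a password built from dictionary words or common patterns falls much faster than exhaustive search suggests, which is why the passphrase figure assumes the words were chosen at random.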
Your passwords and credentials are critical to the security of your information and your access to services. Protecting these assets with good cyber security practices creates a strong defense against cyber attacks.
The Rise of Ransomware
Cyber attacks are becoming more pervasive, and the rates of cybercrime are increasing both globally and within Canada. With the advancements in technology, and the immediate transition to working from home for millions of people around the world due to the pandemic, vulnerabilities to cybercrimes have increased as well. It is estimated that by 2025, cybercrime will cost the world approximately $10.5 trillion USD, which is just below half of the United States GDP in 2021. Cybercrime in Ontario is also on the rise, with its rate of incidents reaching 176.8 per 100,000 people in 2020. Every day in Ontario, government bodies and private sector organizations are continuously fighting cybercrime to keep their customers and citizens safe.
There are many different types of cyber attacks. All cyber attacks affect your network differently, but they all attempt to exploit vulnerabilities in software, hardware, and human behavior online. Threat actors' goals include obtaining information that can be sold, traded, revealed, or used to perpetrate more cybercrime either for financial gain or political/ideological motivations. A threat actor can gain access to your accounts and devices through compromised credentials obtained in a phishing attack or by accessing them from a previous data leak or compromise. Threat actors can also use phishing attacks to install malicious software (also called malware) on your device. This allows threat actors to execute attacks without your knowledge.
Ransomware is a type of malware that makes data inaccessible. It is one of the most common cyber threats that Canadians face, and the global average cost of recovery from a ransomware attack was estimated to be $2.3 million CAD in 2021. Typically, a threat actor will install malware on a device that can sit undetected for months, quietly monitoring an entire network, before a larger attack happens. During this attack, the threat actor will lock the devices, encrypt their files, or do both. The threat actor will then indicate that a payment must be made for the victim to regain access to their files.
In 2018, the towns of Wasaga Beach, Ontario, and Midland, Ontario both suffered ransomware attacks. Cyber criminals held the towns' computer systems hostage for 48 hours and demanded ransoms initially in the six-figure range. In 2019, the municipalities of Stratford, The Nation, and Woodstock, and three separate hospitals in Eastern Ontario, all experienced a ransomware attack. In these attacks, public sector organizations must decide between losing access to their essential systems and sensitive information for potentially weeks at a time, and paying the cyber criminals so that they can provide the services that are critical to their citizens.