Your Typical Canadian Employees May Not Care All that Much About Cybersecurity or Privacy at Work, it Seems

The media reported recently disconcerting results from a recent survey of Canadian employees about the protection of personal information and cybersecurity.

The report at issue indicates about 1/3 of Canadian employees do not think data theft is really in an issue they should be concerned with, or that they are likely to be targeted by cybercriminals when at work. Even with everything happening in the past couple of years, including almost daily announcements of computer intrusions and ransomware attacks (including in Canada), your typical employee does not seem all that worried.

In Québec, 3/4 of employees who answered the survey indicated they did not think the protection of personal information had anything to do with them, rather thinking this is an issue that IT is responsible for. Heck, the same proportion of respondents even admitted they had received NO training whatsoever at work about cybersecurity. None. Yikes.

Yeah, it seems, even today, with everything being published and privacy laws being adopted, your typical Canadian business may not be all that concerned about protecting data, whether it be personal or otherwise. Given that even some SME officers and business owners often still basically choose to ignore the issue, it is not all that surprising that a lot of employees do too. The Vietnamese have a good saying that may apply here: A house leaks from the roof on down.

Our job educating businesses and employees about this may not be quite done, it seems.

The Ever-Increasing Menace of Ransomware in 2021

I attended the MAPLE-SEC conference this week which I thought was quite good to provide a good overview of the state of cybersecurity and cybercrime, in Canada, in 2021.

On thing we learned during the conference was that a majority of businesses faced with a ransomware incident during the last year, ended-up paying the criminals, to get their data back and/or to avoid its disclosure to third parties. Not too surprisingly, this type of crime is pretty consistently on the rise, as the typical victim ends-up capitulating and rewarding criminals, by paying some sort of ransom.

We also learned recently that a 2021 report by cybersecurity firm Sophos revealed that about a third of businesses were the victim of some sort of ransomware attack during the last year. That makes for ALOT of businesses and data!

With stats like these, it’s not surprising that insurers offering cyber-insurance products are now feeling the pinch. Cyber-insurers are now apparently losing considerable money because of this type of policy. Because of this, an expert in insurance law who spoke at the MAPLE-SEC conference warned everyone that cyber-risk insurance coverage is about to get substantially more expensive for businesses everywhere. His advice as to this was to get the best cyber-insurance you can afford, right now.

Recent stats clearly show ransomware is unfortunately here to stay, as we’re now seemingly paying the price for collectively minimizing the importance of cyber-security for so long.

U.S. Offers $10M Reward to Help Fight Against Ransomware

The U.S. started cranking-up the heat on cybercriminals responsible for recent important ransomware attacks on American businesses and organizations. This include offering a reward for millions of dollars to anyone who provides specific information as to the criminals behind those recent attacks.

The move is part of several initiatives by the U.S. to try and start getting a handle on the problem of ransomware, a problem which is fast reaching epidemic proportions. Who knows, large rewards like these may help motivate citizens and businesses to investigate recent attacks and, who knows, even track down those responsible for these cyberattacks. Can’t hurt!

In addition to those rewards, it seems the U.S. is also continuing to tighten banking regs (to squeeze those trying to cash cryptocurrency paid as ransom) and increase international collaboration.

It is hoped initiatives such as these may help obtain more information, in particular, as to recent sophisticated attacks which were, more than likely, sponsored by foreign States such as Russia, China and North Korea.