Worst Cyberattack in Canadian History? | Remote Working World | The Cyber Review

November 6, 2021
Written by Farah

Cybersecurity in a Remote Work World

People were working from home before the pandemic. But, the pandemic has increased that number significantly and amplified the need for more remote workers in certain fields. The biggest challenge with the remote work world is strong security.

One way businesses have accessed confidential client information is by adopting the zero-trust model. By always verifying employees accessing the data, companies are able to protect breaches.

Using identification confirmation adds a layer of security in remote environments that is much needed. Biometrics for example are an excellent option to protect the company.

AI is another key player in protecting sensitive information and detecting any threats. If the system detect an irregularity, it can lock the user's session and prevent anyone from viewing the employee's screen too.

Is this like Big Brother?

Privacy violation is a valid concern that employee's may have. However, the solutions suggested like biometrics or AI should be active when the employee accesses confidential information, not necessarily all the time. Employees don't have to worry about their computer watching or listening to them 24/7.

Of course, these systems don't get installed without consent and knowledge. The idea is security, not surveillance. It is a system guarding confidential data and watching the network.

N.L. health-care cyberattack is worst in Canadian history, says cybersecurity expert

Source: CBC

Cyberattacks are on the rise in Canada and this increase won't be slowing down anytime soon given remote work, new technology, and devices. There was a cyberattack on a Newfoundland and Labrador health-care system that may be the worst one in Canada shared David Shipley, cybersecurity expert.

The ransomware attack delayed thousands of appointments and procedures.

Any attack on an organization can lead to financial and reputational loss, however an attack on any healthcare facility can additionally lead to life or death situation and put patients at risk. Since the pandemic, Shipley shared that over 400 hospitals in Canada and U.S. have been subject to ransomware attacks.

After the attacks, the federal government's IT security agency, said it's in communication with N.L. provincial officials "we are actively engaged with government and non-government partners, sharing cyber security advice and guidance, mitigation, and operational updates," said the statement."

Not many details have been provided other than the fact that an attack happened and there are disruptions due to it. It was noted that the attackers could be monitoring the media and the government wouldn't want to reveal too much.

Report Shows Appalling State of Employee Awareness of Common Cyber Security Risks

The 2021 State of Privacy and Security Awareness Report includes responses from 1000 employees in small and midsize businesses (SMBs) and large corporations in the United States.

The report found that employees could not identify social engineering attacks, security expectations for standard and privileged users, and how cybersecurity risks could adversely affect their employers. Overall awareness of common cyber risks was lacking.

It turns out employee awareness of cyber risks is lowest in government and healthcare sectors.

  • According to the report, 24% of workers believe that clicking on suspicious links or attachments carries little or no risk
  • 31% of employees believed that allowing family members and friends to use work devices outside work hours is risky or presents serious risks.
  • Only 14% and 22% of government and healthcare employees can confidently describe to senior management the negative effects of cybersecurity risks.

Employees in government and healthcare had the least understanding of social engineering attacks such as impersonating someone is actually super common these days.

These include: phishing, business email compromise, vishing, and smishing.

Although COVID-19 disrupted cybersecurity training and employers were simply rushing to transform in-person work to remote work, any training that employees received had a positive impact on their awareness.

  • 55% of employees received continuous cybersecurity and data privacy training during the pandemic.
  • 23% companies had their cybersecurity training stopped at the start of the lockdowns, while 22% had their training halted temporarily and then restarted again during the pandemic.

Interestingly, government and healthcare had the highest percentage (65% and 59%) of employees who continued receiving cybersecurity training during the pandemic yet the lack of awareness on cyber risks was the lowest.