By Leo Valiquette and Lucy Screnci
Just before 9 a.m. on a Tuesday in November 2016, Carleton University’s IT department notified the public about “network issues” on campus.
This wasn’t some random glitch. The university had “detected an attempt by an external group or individual to hack into the IT network.” The attack affected some 3,200 computers and disrupted the school’s email platform and the online portal used for course registrations, payroll and other services.
It proved to be a classic “ransomware” attack. Computer files were being held hostage pending payment of a ransom demand in the popular cryptocurrency bitcoin. That demand was valued at the time at almost $39,000.
Thanks to its IT staff, Carleton was able to address the issue within a couple of days without paying up. But ransomware and other forms of malware remain an ongoing and growing threat for organizations across Canada and particularly in Ottawa.
Last summer, IT World Canada tracked stats that showed Ottawa carrying a malware infection rate 980 per cent higher than the national average. In its 2018 IT Trends in Large and Medium-Sized Canadian Businesses survey, Montreal’s Novipro reported that 32 per cent of Canadian businesses have already fallen victim to a ransomware attack or other computer threat.
Consider it the price of progress, as digital transformation driven by cloud-computing technologies remakes how we work, transact business and conduct our personal affairs. The more our professional and personal lives intersect online, the greater the opening for opportunistic elements to take advantage.
How do we stay one step ahead of the bad guys? It’s a multifaceted challenge. But an increasing number of companies in Kanata’s growing cybersecurity hub are doing their part.
Entrust Datacard: Do you have a plan?
“There isn’t a single solution that an organization can put in place,” said Greg Wetmore, vice-president of product development at Entrust Datacard. “It really requires excellent user education, a mature information security program, basic patching software and keeping applications up to date.”
Entrust Datacard supplies digital security features such as chip credit cards that protect information flowing between mobile banking apps and banks. It also helps governments safeguard ID documents such as driver’s licences and passports.
From Wetmore’s perspective, almost every breach starts with a credential, such as a password, with which the attacker can escalate privileges or access privileged information. Entrust is a strong proponent of a second type of verification, encrypting and backing up data, and securing applications.
In today’s connected world, it’s not a question of if a breach will occur, but when. That means equal attention must be given to how you will respond and recover.
“Organizations need to prepare for things like critical incident response and crisis communications,” Wetmore said. “They should have good business continuity and disaster recovery plans that anticipate a breach or a delay in service of assets.”
Interset: What can you learn about the threat?
Just across March Road, the team at Interset helps cybersecurity professionals with data analytics algorithms and mathematical models. These can detect and quantify behaviours within a network that are typical of various kinds of malware attacks, such as ransomware.
Interset’s software can also identify troublesome anomalies in enormous organizations by using artificial intelligence and machine learning tools. If it finds a user is operating at an unusual time of day or interacting with information that user shouldn’t be, those pattern deviations might signal that an employee’s account has been compromised.
Stephan Jou, Interset’s chief technology officer, offers three steps for triaging the response to an attack.
First, patch your computers as soon as possible.
“It’s a hard thing to do when managing a large suite of computers, but getting that hygiene level up is important,” he said.
Next, consider behaviour to help pinpoint the kind of malware at play. Jou pointed to the Carleton incident as an example:
“I think it would have been really helpful in this case to see: Is it a brand new case of ransomware? Is it a binary that’s never been seen before, but it’s behaving like ransomware? I think that sort of system would have been able to give a heads up earlier.”
Lastly, like Wetmore, Jou emphasizes the need to have a response plan in place.
“I find with a lot of companies that the best thing to do is to be open and transparent,” he said. “Have a well-laid out response plan in advance with details on who’s going to do what.”
Herjavec Group: Are you compliant?
Recognized as the No. 1 private cybersecurity company in the world by market research firm Cybersecurity Ventures, Herjavec Group – with offices in Kanata North – works with large enterprise customers to deliver managed security services around the world.
“No executive wakes up and says I can’t wait to spend money on security today… but it’s no longer a choice,” company founder and CEO Robert Herjavec said in a report released earlier this year. “The biggest driver of security in the coming years will be compliance.”
What does he mean by compliance? Businesses will have to adopt certain security practices because they will be required to do so by government regulation, both at home and abroad, in response to the evolving malware threat. This year, for example, will see the General Data Protection Regulation (GDPR) come into effect on May 25. This regulation aims to protect the personal data of persons in the European Union.
This does impact Canada. If you do business in Europe that has you collecting, storing, transferring or processing data on EU citizens, you will have to comply with the dictates of GDPR. If you don’t, the penalties can amount to tens of millions of dollars, or more.
“You could be a company with offices in Europe that’s sharing internal data, or you take data from a client based in Europe, or you could just have a customer who’s there,” Ira Goldstein, Herjavec Group’s SVP of Technical Operations, said in the report.
Being prepared, having a response plan, being compliant with new regulation. Consider it the price of doing business in an increasingly connected world to keep your operations, your reputation and your stakeholders secure.