Tips for Protecting Against Ransomware Attacks – National


Cybercriminals have focused on a lucrative tactic, holding digital files of crucial companies hostage until high fees are paid, often in hard-to-trace virtual currency.

Federal government says in the first six months of this year, more than half of Canadian ransomware victims were providers of critical infrastructure, including energy, healthcare and manufacturing .

Since March 2020, nearly a quarter of Canadian small businesses have suffered some sort of hostile cyber incident, according to federal officials.

The digital dilemma has prompted several cabinet ministers to advocate this week with Canadian organizations to take protective action.

Many breaches are simply attacks of opportunity, taking advantage of a network vulnerability, said Dwayne Robinson, global director of incident response at CyberClan, which provides security services to small and medium businesses.

“I would say few of these are true targeted and targeted attacks,” Robinson said during a recent webinar on ransomware in Canada.

The story continues under the ad

Read more:

Canadian spy agency targets foreign hackers to ‘impose a cost’ on cybercrime

There are some basic things businesses can do to dramatically improve their security, he said. “And it’s a little frustrating because we see the same thing over and over and over and over again.”

Click to play the video:

#GetCyberSafe with Marc Saltzman

#GetCyberSafe with Marc Saltzman

The Canadian Center for Cyber ​​Security, a federal agency, has developed detailed guidelines on preventing and protecting against a ransomware attack.

Main recommendations to protect against ransomware attacks:

Coaching – Provide security awareness training to employees to ensure they don’t click on phishing emails or open infected downloads.

Planning – Make a plan for how your organization will monitor, detect and respond to a ransomware attack. Test the response plan through exercises.

Cyber ​​insurance – The average cost of recovering ransomware worldwide more than doubled last year to $ 2.3 million. Look at the policies and ask yourself if insurance would help.

Evaluation – Private specialists can assess an organization’s computer systems and recommend precautions against a ransomware attack.

Read more:

Canadian health and energy sectors increasingly targeted by ransomware attacks

The story continues under the ad

The federal government offers programs for operators of critical infrastructure in the areas of energy and utilities, finance, food, government, health, information and communication technologies , manufacturing, security, transportation and water.

Public Safety Canada, in collaboration with the Cyber ​​Center, developed the Canadian Cyber ​​Security Tool to provide critical infrastructure organizations with an easy way to assess their cybersecurity in under an hour.

It was first offered to healthcare organizations in the summer of 2020 and is now available for all critical infrastructure sectors. Public Security says it has conducted 132 assessments to date.

Click to play the video:

Cybersecurity: what to look for to stay safe

Cybersecurity: What to look for to stay safe – November 25, 2021

The ministry is also offering the Cyber ​​Resilience Review in Canada, an on-site, survey-based exercise that can take up to a day and a half. Public Safety says 110 assessments have been completed in various critical infrastructure sectors since 2013.

The story continues under the ad

Use security tools – Install anti-malware and anti-virus software on devices to detect suspicious activity and secure network with firewall. Use strong passwords, or passphrases, to fend off so-called “brute-force” attacks that scroll through endless password possibilities.

Update systems – Regularly use updates and patches to fix bugs and vulnerabilities in software, firmware and operating systems.

Segment networks – Dividing a network into several smaller segments can prevent ransomware from spreading throughout the network.

Respect the principle of “least privilege” – Give employees access only to the functions and privileges necessary to perform their duties.

Random tests – Have testers try to breach the security of a system with techniques that a hacker could use. The Bank of Canada, like many financial institutions, has a long-standing emphasis on protecting internal systems, including network penetration testing.

Data backups – It is essential for an organization to have copies of data and systems in the event of an incident. Make sure that backups are stored offline, as cybercriminals can infect backups if they are connected to networks.

“Make sure your organization has multiple backups stored offline and performs the backup process frequently, to ensure that the data is as close to real time as possible,” Cyber ​​Center explains.

“Testing your backups is also a critical part of your backup and restore process. To provide an additional layer of protection, you must encrypt your backups. Having a secondary backup in the cloud is also a recommended approach to improve your recovery capacity.

© 2021 The Canadian Press


Comments are closed.