Cyber Risk Conference: Companies aren’t prepared for cyber attacks

It takes an average of 229 days for an organization to discover a breach

The Internet “is a world without governance,” Ray Boisvert, senior associate at Hill+Knowlton and former CSIS assistant director, said today at the inaugral International Cyber Risk Management Conference in Montreal. Hackers ranging from the Syrian Electronic Army to code-savvy teens can access private information without too much difficulty, and most companies aren’t ready to deal with the fallout of a cyber breach.

Read more: The Sinister World of Corporate Espionage

It takes an average of 229 days for an organization to discover a cyber breach, Boisvert said, and the cost to repair damages increases exponentially the longer the attack is left untreated. In a session on the threat horizon, Mark Fernandes, a partner and cyber security leader at Deloitte, reported a mid-sized retailer will lose $10-20,000 if a breach is discovered the day it happens. After a month, the loss is in the hundreds of millions.

Fifty percent of Canadians click on phishing emails, says Boisvert, and companies must invest in security training. Supportive office culture is also essential.  In an afternoon session on cyber risk management approaches for SMEs, Eduard Goodman, chief privacy officer at IDT911, pointed out breach rates would decrease if employees feel empowered to call their CEO and confirm they really did request a wire transfer of $100,000.

Read more: Companies test staff with fake phishing emails

Fernandes also warned we should worry most about ultra-targeted attempts. Some hackers study the way a high-profile target communicates with their friends and family, and then copy those speech patterns when writing the phishing emails. Other hackers are outsourcing part of the job so it’s harder for law enforcement to identify them, he added.

Read more: Rich companies vulnerable to cyberattacks, poor countries to terror threats

Panelists throughout the conference agreed that all companies have or will have suffered a cyber breach. But “a breach is not the time to improvise,” said Chantal Bernier counsel at Dentons and former interim Privacy Commissioner of Canada. Complete prevention isn’t possible but all businesses can and should have a solid action plan in place for when an attack happens.

Copyright © 2017 Transcontinental Media G.P.
Transcontinental Media G.P.