New Cybersecurity Initiative Finds That a Majority of Canadians Have Been the Victim of a Cybercrime

New Cybersecurity Initiative Finds That a Majority of Canadians Have Been the Victim of a Cybercrime

TORONTO, July 9, 2020 /CNW/ – The Cybersecure Policy Exchange (CPX), powered by RBC, today launched a report setting out an ambitious policy agenda that addresses findings from new survey data of 2,000 Canadians collected in mid-May. The report sheds light on Canadians’ online experiences and their priorities related to cybersecurity and digital privacy.

The goal of CPX is to broaden and deepen the discussion about cybersecurity and digital privacy policy in Canada, and to create and advance innovative policy responses, from idea generation to implementation.

“We live and work in a time of unprecedented technology development and adoption —

further accelerated by events like COVID-19,” said Charles Finlay, Executive Director of Rogers Cybersecure Catalyst. “We need urgent national policies that protect our security and digital privacy, while ensuring equal access for all. That is why we developed CPX–to be a platform for debating and advancing cybersecurity policy that is of critical importance to all Canadians.”

To lay the groundwork for these discussions, CPX undertook a survey of Canadians; some key findings from the report “Advancing a Cybersecure Canada” include:

  • 57% of Canadians reported being the victim of a cybercrime;
    • 31% unintentionally installed or downloaded a computer virus or malware;
    • 28% experienced a data breach that exposed personal information; and
    • 22% had an online account hacked;
    • 13% have been a victim of phishing; and
    • 8% have unintentionally installed or downloaded ransomware.
  • Since the start of the COVID-19 pandemic, Canadians have adopted new technologies to stay connected making them more vulnerable to privacy and security risks. 55% of Canadians have used Facebook Messenger and 46%have used Zoom.
  • Only 26% of Canadians with a smart speaker or voice-operated assistant have restricted the information it can access through its settings.

CPX will focus its work on three high-impact technologies:

  1. Social Media Platforms: Online platforms that enable users to connect and share user-generated content.
    • Only 15% of Canadians trust Facebook to keep their data secure, compared to 62% who trust the federal government and 73% who trust health care providers.
  2. Internet of Things (IoT): Physical networked devices connected to the Internet, from consumer electronics, to larger industrial and infrastructure applications.
    • 68% of Canadians have at least one smart device in their home.
  3. Biometrics and Facial Recognition: Technologies that measure and analyze a person’s physical or behavioural attributes to recognize or confirm identities, such as facial recognition.
    • 41% of Canadians are uncomfortable with being captured by video doorbells like Amazon’s Ring, and 15% support a ban on these products.

This report marks the launch of CPX’s agenda to develop public policy solutions, and raise awareness to the privacy and security challenges of each of these technologies.

“Cybersecurity has quickly become one of the most important issues of our time,” said Laurie Pezzente, Senior Vice-President of Global Cyber Security and Chief Security Officer at RBC. “As a leading organization in cybersecurity entrusted to keep our clients data safe and secure, RBC is proud to support the Cybersecure Policy Exchange and its ambitious policy agenda. Questions of privacy and security are paramount for all Canadians and policymakers, and proper governance of these issues will ultimately contribute to a more prosperous and equitable world.”

On Tuesday, July 14th from 1:30pm – 3:00pm EST members of the CPX team from RBC, Rogers Cybersecure Catalyst and Ryerson Leadership will convene for a live discussion to breakdown their new agenda, survey results and elaborate on the current cybersecurity threat landscape. More information and the registration link can be found here.

Through close public and sectoral engagement with the general public, government, academia and civic institutions on each of these urgent challenges, CPX will work to advance the responsible governance of this technology to protect Canadians.

The full findings are available at https://www.cybersecurepolicy.ca/agenda. An anonymous survey was conducted online by Pollara Strategic Insights on behalf of the Cybersecure Policy Exchange with 2,000 Canadian residents 18 years of age or older, from May 14 to 22, 2020. As a guideline, a probability sample of this size would yield results accurate to +/- 2 percentage points, 19 times out of 20. The data were weighted by region, gender and age, based on the most recent Canadian census figures to ensure that the sample matched Canada’s population.

The Cybersecure Policy Exchange is a new initiative from Ryerson University, dedicated to advancing effective and innovative public policy in cybersecurity and digital privacy. The Cybersecure Policy Exchange is powered by RBC through Rogers Cybersecure Catalyst and the Ryerson Leadership Lab.

Cybersecure Policy Exchange
cybersecurepolicy.ca | @cyberpolicyx
cybersecure.policy@ryerson.ca

SOURCE Ryerson University

 

Six months after cyberattack, LifeLabs says it has appointed a CISO and rolled out new security policies

Six months after cyberattack, LifeLabs says it has appointed a CISO and rolled out new security policies

ITworld Canada

Half a year after suffering arguably the worst data breach in Canadian history, LifeLabs provided its customers with an update on what it’s doing to make sure history isn’t repeated.

In an email obtained by IT World Canada, LifeLabs chief executive officer Charles Brown released a statement to customers on June 11, noting “I cannot change what happened, but I assure you that I have made every effort toward making change to provide you services you can trust.”

Here is the list of changes LifeLabs is introducing, according to the email:

Part of an email from June 11 sent to LifeLabs customers. According to his LinkedIn profile, LifeLabs’ former senior IT manager was appointed to be the CISO last December.

Brown also wrote that the breach delivered LifeLabs a stern reminder that “we must continuously work to protect ourselves against cybercrime” and that “data protection and privacy are now central to everything we do.”

The update from LifeLabs comes on the heels of a report from data protection company Veritas that says public consumers are seeking apologies, fines and even prison sentences for CEOs who fail to protect their businesses. Forty per cent of consumers hold business leaders personally responsible for ransomware attacks businesses suffer, according to the Veritas survey, which interviewed roughly 12,000 consumers. Thirty per cent would demand the CEO be banned from running a company if it suffered a cyberattack. Twenty-three per cent of those surveyed want to send CEOs to prison for mishandling data.

And despite nearly 90 per cent of respondents in a recent survey conducted by The Office of the Privacy Commissioner of Canada (OPC) saying customer privacy is an important corporate objective, only 60 per cent of those businesses say they have procedures in place to respond to customers’ requests to access their personal information.

Source: IT World Canada

CPA Canada hit by cyberattack affecting data of more than 329,000

TORONTO _ A cyberattack on the Chartered Professional Accountants of Canada website has affected the personal information of more than 329,000 members and stakeholders, the organization said.

The information includes names, addresses, emails and employer names, but passwords and credit card numbers were protected by encryption, CPA Canada said.

It warned the data could be used in email phishing scams and encouraged those affected to  “remain vigilant.”

The attack by  “unauthorized third parties” occurred between Nov. 30 and May 1, according to an internal investigation carried out with the help of cybersecurity experts.

The organization said it beefed up its security measures and contacted the Canadian Anti-Fraud Centre and privacy authorities after learning of “a possible security incident” the week of April 20.

“Upon discovering this, CPA Canada took immediate steps to secure its systems and conduct a thorough analysis to determine what information may have been involved,” the group said in an email.

“There is no evidence that the encryption keys were affected in this incident and we have no reason to believe the encryption was compromised.”

The personal information relates mainly to the distribution of CPA Magazine and everyone affected has been notified, the organization said.

Hacks against a wide range of companies since 2018 have included medical test laboratory LifeLabs and credit union Desjardins, which combined saw the theft of the personal information of more than 19 million Canadians.

 

Aon, announced the acquisition of Cytelligence Inc, a Canadian-based cyber security firm

The acquisition combines Aon’s industry-leading investment in cyber security with Cytelligence’s unique technical expertise in incident response and digital forensics services to strengthen Aon’s cyber security client value proposition 

CHICAGOFeb. 4, 2020 /CNW/ — Aon plc (NYSE: AON), a leading global professional services firm providing a broad range of risk, retirement and health solutions, announced today the acquisition of Cytelligence Inc, a Canadian-based cyber security firm that provides incident response advisory, digital forensic expertise, security consulting services and cyber security training for employees to help organizations respond to cyber security threats and strengthen their security position.

The acquisition will help Aon expand its current coverages within the cyber market at a time when cyber claims are almost doubling year-over-year. The 2019 Cybersecurity Almanac published by Cisco and Cybersecurity Ventures predicts that cyber events will cost $6 trillion annually by 2021, as companies are digitizing most of their processes and are often operating remotely. Global cyber insurance premiums are expected to grow from $4 billion in 2018 to $20 billion by 2025. According to Aon’s 2019 Global Risk Management Survey, cyber-attacks were identified as a top ten risk facing organizations and is predicted to be one of the top three risks for organizations in 2022.

“As the number of network intrusions, data breaches, ransomware attacks, and similar threats continues to increase in both frequency and severity, expertise in cyber incident response becomes critical to organizations and insurance companies,” said J Hogg, CEO of Aon’s Cyber Solutions. “The Cytelligence team are deep experts in cyber incident response, ransomware mitigation, and cyber security training for employees, which will help cement our position in both North America and globally as an industry leader.”

Cytelligence will join the growing portfolio of Aon’s Cyber Solutions, which combines digital risk management services, security services, professional risk solutions, and a global risk consulting practice. This acquisition enhances Aon’s 2016 acquisition of Stroz Friedberg and now allows Aon’s Cyber Solutions to offer an even more holistic portfolio of services to clients from proactive security services, to incident response, to risk quantification and insurance broking.

“Together, we will deliver complete proactive solutions from risk assessment, cyber risk policy underwriting to secure insurance coverage to protect critical assets, to cyber breach response, effective and efficient cyber incident remediation, meticulous data collection and data preservation,” said Daniel Tobok, CEO of Cytelligence. “Put simply, everything that is connected to the internet can be compromised. proactive companies and their Boards are preparing now with proactive actions with penetration testing, vulnerability assessments, security audits, and training of their employees.”

Cytelligence has offices in TorontoOttawaNew YorkSan Francisco and Miami. The firm employs professionals in cyber security and education, investigations, and forensic analytics. The firm was founded in June 2016.

Mr. Tobok will join Aon as the Canadian President, Aon’s Cyber Solutions.

About Aon
Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.

About Cytelligence
Cytelligence is a leading international cyber security boutique with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics. We are known for our technique: well planned, well executed and detailed-oriented engagements. Our Offensive Security Consulting includes: Penetration Testing, Vulnerability Assessments, Security Audits, and Secure Development Lifecycle Management, including code reviews.

SOURCE Aon plc

Cybersecurity in Canada 2019: It was an ‘awesome’ year for attackers

Cybersecurity in Canada 2019: It was an ‘awesome’ year for attackers

By IT World Canada

No country is immune from cyber attacks. But 2019 saw Canadian organizations victimized like never before.

Arguably the worst breach — not only in 2019 one of the worst in Canadian history — was the theft of personal information on 15 million people in Ontario and B.C. held by medical test laboratory LifeLabs. This data included patient names, addresses, email addresses, login passwords, dates of birth, health card numbers and in some cases lab test results.

The second worse breach was the theft by a suspected employee of information on all 4.2 personal banking customers in Quebec and Ontario of the Dejardins credit union.

Copied were names, addresses, birthdates, social insurance numbers, email addresses and information about transaction habits. Not stolen were passwords, identification questions or secret codes.

While more people were victims of the 2015 hack of Toronto-based dating site Ashley Madison, it isn’t a financial or health institution and subscribers didn’t have to give real names.

Getting a handle on how many data breaches there are in this country is getting better now that most organizations have to report them to the Office of the Federal Privacy Commissioner (OPC).

In November the OPC estimated the personal information of 28 million Canadians had been exposed in the first 12 months of mandatory reporting — and that didn’t include the LifeLabs breach.

Small wonder Ed Dubrovsky, managing director for incident response at Toronto-based Cytelligence said “unfortunately it’s been an amazing year” — for attackers.

Among the publicly-reported incidents

  • Attacks through suppliers were responsible for many incidents. Freedom Mobile blamed a third party for hosting an unprotected database with personal and credit card information on thousands of the wireless carrier’s subscribers on the Internet. TransUnion Canada said attackers compromised a Winnipeg leasing company to get access to personal information on some 37,000 Canadians held by the credit reporting agency; Verizon’s annual Data Breach Investigations Reporton thousands of incidents around the world, noted that 21 per cent of data breaches are caused by errors, either by employees or third parties;
  • Questions were raised about the dealings of some organizations with suppliers. In December the city of Hamilton, Ont., notified residents of a potential disclosure of their personal information through Alectra Utilities, which provides water billing service for the municipality. According to a news report an India-based subcontractor to Alectra had access to customer data it held, and there may have been other subcontractors whose staff could also see personal data. The incident raised questions of consent;
  • Nova Scotia’s privacy commissioner blamed the government for not doing enough security testing before making a new provincial Freedom of Information website live, allowing two people to hack the site in 2018 and make off with 7,000 documents including personal information of 740 people;
  • Think small businesses won’t be attacked? Consider our report on a Halifax vegan restaurant whose Facebook page was defaced.

Among other newsworthy events in 2019

  • The U.S. increased pressure on Canada not to allow Canadian wireless carriers to buy wireless network equipment from Chinese manufacturer Huawei for security reasons. A decision will likely be tied to the outcome of a Vancouver extradition hearing for Huawei’s CFO and the detention by China of two Canadians;
  • A Bank of Canada executive was among many experts urging organizations to collaborate more on cyber best practices and threat information. In a related move the Canadian Cyber Threat Exchange (CCTX) lowered fees for public sector agencies;
  • To help improve the security maturity of small and medium-sized businesses the federal government launched a cyber certification program. The hope is it will also increase public confidence in Canadian firms selling products online.

Dubrovsky sees some complacency in the attitude of Canadians and organizations. “We’re just accepting this is a risk,” as a result of the almost daily stories of breaches. “Unfortunately I don’t think there’s enough being done, still” by IT departments. “We don’t understand the threat actors are also ramping up both the damage they’re causing and the monetary demands.”

READ FULL ARTICLE MORE HERE: 

Source: IT World Canada

New Geneva Association & IFTRIP task force to address emerging cyber terror risks

The Geneva Association is launching a joint task force on cyber terrorism and cyber warfare with the International Forum of Terrorism Risk Reinsurance and Insurance Pools (IFTRIP). The special-purpose task force aims to conduct research on cyber terrorism risks across the re/insurance industry. Its initial findings will be published in mid-2020.

The launch of this new task force was announced at the IFTRIP 2019 International Conference in Brussels, Belgium. It will be led by Rachel Anne Carter, the Geneva Association’s Director of Cyber, supported by Julian Enoizi, CEO of Pool Re and Christopher Wallace, CEO of Australian Reinsurance Pool Corporation and president of IFTRIP.

Read the press release

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from ILSTV

You have Successfully Subscribed!

Pin It on Pinterest