Brad Riddell Appointed Vice President, CyberSecurITy at FlexITy, Canada’s leading Systems Integrator

TORONTO, Jan. 20, 2020 /CNW/ – Brad Riddell has been appointed Vice President, CyberSecurITy at FlexITy, Canada’sleading Systems Integrator and Digital Transformation Solutions, by CEO Peter Stavropoulos.

As Vice President of CyberSecurITy Solutions, Brad Riddell is responsible for rapid expansion and growth while managing FlexITy’s emerging CyberSecurITy business. He brings more than 20 plus years of IT risk management, systems integration, and managed services, sales and delivery experience to the FlexITy organization.

“Brad is astute at understanding the cybersecurity challenges faced by Canadian companies and developing pragmatic solutions to effectively manage cybersecurity risk. He has a proven track record of building high performing teams that attract top cybersecurity talent that our clients require. As a longstanding trusted advisor to clients across many industries, Brad quickly earns their trust and develops long-lasting relationships,” said Peter Stavropoulos.

“FlexITy is a proven and trusted Systems Integrator focused on attracting and retaining top IT engineering talent and delivering robust, high performance and reliable solutions to their clients. We are applying this winning approach to cybersecurity to create Canada’s leading end-to-end cybersecurity services business. FlexITy will build tailored solutions targeted at solving the most daunting challenges such as ransomware, securing IoT devices, ensuring the safety of critical infrastructure, enabling secure electronic commerce, and ensuring the privacy of patient medical records,” said Brad Riddell.

Canadian companies now have a single trusted provider to design, deploy, secure and manage critical IT networks, systems and applications. By taking a truly integrated approach to network and system design, integration and security, FlexITy offers a unique capability unmatched in the Canadian market.

Along with the depth of FlexITy’s Infrastructure team of architects, pre-sales engineers, highly skilled and cross-certified integrators and project managers, all with the highest of government security clearances, we work with our best-of-breed strategic partners to develop and deliver broad and deep sets of Managed and Hybrid CyberSecurITy Solutions that make an immediate impact with clients across Canada.

The range of FlexITy clients serviced over the past two decades span across some of Canada’s leading financial, government, public sector, legal, media, telecommunications, insurance and health care institutions.

About FlexITy

FlexITy is an award-winning integrator of smart technology, CyberSecurITy and service solutions, built on powerful and digitally advanced secure platforms, and delivered with decades of expertise, is headquartered in Richmond Hill, with offices in Toronto and Winnipeg.

FlexSecurITy is a next-generation cybersecurity offering enabling organizations to protect the way people work today from advanced threats and compliance risks. FlexSecurITy protects organizations from the advanced attacks targeting them and protects the critical information people create while arming organizations with the right intelligence and tools to respond quickly when things go wrong.

FlexHealth-Powered by FlexITy is a suite of patient-centric solutions that integrate interactive mobile applications, secure health IT and data, and optimize healthcare management. FlexHealth engages patients and families, empowers clinicians and delivers outcomes that matter.

FlexTEL, a leading and secure managed business provides Unified Collaboration Cloud Services for Enterprises seeking a holistic enterprise grade Collaboration Platform.


www.flexsecurity.com, www.flexity.com, www.flexhealth.ca

Cybersecurity in Canada 2019: It was an ‘awesome’ year for attackers

Cybersecurity in Canada 2019: It was an ‘awesome’ year for attackers

By IT World Canada

No country is immune from cyber attacks. But 2019 saw Canadian organizations victimized like never before.

Arguably the worst breach — not only in 2019 one of the worst in Canadian history — was the theft of personal information on 15 million people in Ontario and B.C. held by medical test laboratory LifeLabs. This data included patient names, addresses, email addresses, login passwords, dates of birth, health card numbers and in some cases lab test results.

The second worse breach was the theft by a suspected employee of information on all 4.2 personal banking customers in Quebec and Ontario of the Dejardins credit union.

Copied were names, addresses, birthdates, social insurance numbers, email addresses and information about transaction habits. Not stolen were passwords, identification questions or secret codes.

While more people were victims of the 2015 hack of Toronto-based dating site Ashley Madison, it isn’t a financial or health institution and subscribers didn’t have to give real names.

Getting a handle on how many data breaches there are in this country is getting better now that most organizations have to report them to the Office of the Federal Privacy Commissioner (OPC).

In November the OPC estimated the personal information of 28 million Canadians had been exposed in the first 12 months of mandatory reporting — and that didn’t include the LifeLabs breach.

Small wonder Ed Dubrovsky, managing director for incident response at Toronto-based Cytelligence said “unfortunately it’s been an amazing year” — for attackers.

Among the publicly-reported incidents

  • Attacks through suppliers were responsible for many incidents. Freedom Mobile blamed a third party for hosting an unprotected database with personal and credit card information on thousands of the wireless carrier’s subscribers on the Internet. TransUnion Canada said attackers compromised a Winnipeg leasing company to get access to personal information on some 37,000 Canadians held by the credit reporting agency; Verizon’s annual Data Breach Investigations Reporton thousands of incidents around the world, noted that 21 per cent of data breaches are caused by errors, either by employees or third parties;
  • Questions were raised about the dealings of some organizations with suppliers. In December the city of Hamilton, Ont., notified residents of a potential disclosure of their personal information through Alectra Utilities, which provides water billing service for the municipality. According to a news report an India-based subcontractor to Alectra had access to customer data it held, and there may have been other subcontractors whose staff could also see personal data. The incident raised questions of consent;
  • Nova Scotia’s privacy commissioner blamed the government for not doing enough security testing before making a new provincial Freedom of Information website live, allowing two people to hack the site in 2018 and make off with 7,000 documents including personal information of 740 people;
  • Think small businesses won’t be attacked? Consider our report on a Halifax vegan restaurant whose Facebook page was defaced.

Among other newsworthy events in 2019

  • The U.S. increased pressure on Canada not to allow Canadian wireless carriers to buy wireless network equipment from Chinese manufacturer Huawei for security reasons. A decision will likely be tied to the outcome of a Vancouver extradition hearing for Huawei’s CFO and the detention by China of two Canadians;
  • A Bank of Canada executive was among many experts urging organizations to collaborate more on cyber best practices and threat information. In a related move the Canadian Cyber Threat Exchange (CCTX) lowered fees for public sector agencies;
  • To help improve the security maturity of small and medium-sized businesses the federal government launched a cyber certification program. The hope is it will also increase public confidence in Canadian firms selling products online.

Dubrovsky sees some complacency in the attitude of Canadians and organizations. “We’re just accepting this is a risk,” as a result of the almost daily stories of breaches. “Unfortunately I don’t think there’s enough being done, still” by IT departments. “We don’t understand the threat actors are also ramping up both the damage they’re causing and the monetary demands.”

READ FULL ARTICLE MORE HERE: 

Source: IT World Canada

Canadian insurance firm targeted in ransomware attack

Adam Ward |CTVNews.ca 

TORONTO — Andrew Agencies Ltd., an insurance firm that operates in the Prairies, was recently targeted in a ransomware attack but says no personal information was taken.

Dave Schioler, the executive vice president and general counsel for Andrew Agencies, confirmed the security breach in an email statement to CTVNews.ca on Wednesday.

“We have uncovered no evidence of sensitive personal information or data being stolen or otherwise compromised,” he said in the statement. “We can advise that the incident has had minimal impact on our operations.”

Andrew Agencies, a full-service insurance and financial services firm, operates 18 locations in Alberta, Manitoba and Saskatchewan.

A hacker group known as Maze has taken credit for the attack online. The group was reportedly behind a ransomware attack that recently targeted the City of Pensacola, Fla.

Schioler said that Andrew Agencies did not pay a “ransom as part of the recovery effort.”

“We have taken this matter very seriously and have expended considerable resources in the investigation and remediation of this incident, including the use of third parties with expertise in similar incidents,” the statement reads.

ARE THESE TYPES OF ATTACKS ON THE RISE?

News of the security breach at Andrew Agencies comes one day after LifeLabs, one of Canada’s largest medical laboratories, announced it was hit by hackers.

In LifeLabs’ case, an estimated 15 million customers are believed to have been affected, with passwords, birthdays, health card numbers and even lab results potentially being accessed.

Brett Callow, a threat analyst with anti-virus software company Emsisoft, says while many of these types of attacks go unreported, it’s very likely there has been an increase.

“Most ransomware attacks are not specifically targeted and, as there’s been an increase in attacks on the public sector, it would seem inevitable that there has been an increase in attacks on smaller businesses too,” he said in an email statement to CTVNews.ca.

According to a report released this week by Emsisoft, at least 948 government agencies, educational institutes, and health-care providers were impacted by ransomware attacks in the U.S. in 2019. Emsisoft didn’t have information on the number of these types of attacks in Canada.

Callow says that in about 90 per cent of these cases, hackers are perpetrating these attacks through “email attachments or improperly secured remote access solutions.”

So how can companies and municipalities protect themselves from these types of attacks? Well, Callow says a good starting point is email filtering and training staff how to spot potentially hazardous emails.

“The fact that ransomware groups are now stealing data as well as encrypting it makes prevention and detection more critical than ever,” Callow says.

SHOULD COMPANIES PAY A HACKER’S RANSOM?

In short, no, says Callow, because there’s a lot of unknowns.

“There is no guarantee that the decryption tool supplied by the cybercriminals will work or that they’ll even supply one.”

Callow added that every time a company pays for their data back, they incentivize these types of cyberattacks. However, he admits that some companies have no choice and have to take the risk because it may be the only option.

“For as long as companies pay ransoms, ransomware attacks will continue. The only way to stop the attacks is to make them unprofitable.”

Source: CTV News

Marsh Enhances Cyber Risk Consulting Capabilities

Clients to Gain Greater Insight into the Effectiveness of Cybersecurity Investments

Marsh, the world’s leading insurance broker and risk adviser, announced the launch of an enhanced suite of cyber risk quantification consulting capabilities that offer clients new insight into the impact of their cybersecurity investments.

The enhanced consulting capabilities are powered by Blue[i] Cyber, a new cyber risk analytics engine that integrates Marsh’s market-leading cyber risk quantification models with X-Analytics, Secure Systems Innovation Corporation (SSIC)’s patented cyber risk model for which Marsh is the exclusive insurance broker and risk consulting provider.

With these enhanced cyber risk consulting capabilities, Marsh clients for the first time will be able to quickly and easily:

  • Evaluate the effectiveness of cybersecurity controls and prioritize risk mitigation accordingly.
  • Engage in data-driven “what-if” scenarios to evaluate existing and future cyber investments.
  • Evolve cybersecurity from technical jargon to a board-level conversation.
  • Meet cyber risk disclosures and reporting requirements more easily.

Use financial analysis of cyber risk exposure to inform their risk management strategies, including risk mitigation and risk transfer decisions.

“Although cyber often ranks high on risk agendas, many organizations struggle to understand how their cybersecurity strategy impacts their financial exposure to cyber risk,” said Reid Sawyer, US Cyber Risk Consulting Practice Leader, Marsh. “With Marsh’s enhanced quantification consulting capabilities, clients will be able to gain greater clarity into the impact their cybersecurity investments have on risk reduction and make more informed cyber risk capital allocation decisions.”

The enhanced cyber risk quantification consulting capabilities powered by Blue[i] Cyber are immediately available in the US, Canada, and Europe.

About Marsh

Marsh is the world’s leading insurance broker and risk adviser. With over 35,000 colleagues operating in more than 130 countries, Marsh serves commercial and individual clients with data driven risk solutions and advisory services. Marsh is a business of Marsh & McLennan Companies (NYSE: MMC), the leading global professional services firm in the areas of risk, strategy and people. With annual revenue approaching US$17 billion and 76,000 colleagues worldwide, MMC helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses: Marsh, Guy Carpenter, Mercer, and Oliver Wyman. Follow Marsh on Twitter @MarshGlobal; LinkedIn; Facebook; and YouTube, or subscribe to BRINK.

4 scams to watch out for this holiday season

Frauds, scams spike this time of year, says RCMP

CBC News

As shoppers gear up for the holiday season, police say fraudsters are also preparing to take advantage of those who aren’t careful.

The holidays are ripe for fraudulent activity, with various types of scams appearing around this time of year, according to Jeff Thomson, a senior intelligence analyst with the RCMP’s fraud unit.

Here are some of the most common scams Thomson said people should watch out for.

SIM swapping

Thomson said the RCMP has seen a recent spike in identity theft through what’s known as SIM swapping.

Fraudsters will send a phishing email, which appears to be from your service provider, offering you free data or something similar — and a link for you to claim your “prize.”

The link asks for personal information to update your cellular account profile. Fraudsters will then contact your service provider and, using that information, gain access to your phone.

“If you have your bank accounts, your social media accounts, email accounts — they can now start to gain access to the accounts you have on your mobile device,” Thomson said.

If you receive an email from your service provider with an offer, Thomson recommends calling them to verify it’s real.

Evolving phone scams

This one might sound familiar: someone allegedly calls from the Canada Revenue Agency (CRA) and demands payment for back taxes while threatening the victim with arrest.

Thomson said the RCMP are seeing a spike in these kinds of scams, but instead of the CRA, the fraudsters claim to be from Service Canada.

“The Service Canada scam I’m seeing as the evolution of the CRA scam,” Thomson said.

Fraudsters tell victims their social insurance number (SIN) is compromised and then attempt a two-part scam.

First, they’ll attempt to coax your name, date of birth, SIN and other personal information from you.

Then they’ll say police or investigators need to follow up, which later turns into a demand for cash. Thomson said that usually takes the form of fraudsters telling victims to move money into a “safe account.”

Like with the CRA scam, Thomson said Canadian agencies wouldn’t call and ask for personal information.

Online shopping scams

As more and more shoppers turn to the internet to find that perfect holiday gift, fraudsters are taking notice.

Thomson said one scam comes in the form of an unbelievable offer for a wish-list item — but often it’s counterfeit or of an inferior quality.

To avoid being duped, Thomson recommends only shopping at well-known websites, reading reviews on lesser-known ones first, and using payment programs that have credit card protection.

“If a deal seems too good to be true, it probably is,” he said.

Loan scams

This scam typically preys on victims looking for extra cash during the holidays.

Fraudsters offer loans, Thomson said, and then either take personal information or begin to demand payments.

Thomson advises people to be cautious and only seek loans from credible providers.

CBC News

 

New Geneva Association & IFTRIP task force to address emerging cyber terror risks

The Geneva Association is launching a joint task force on cyber terrorism and cyber warfare with the International Forum of Terrorism Risk Reinsurance and Insurance Pools (IFTRIP). The special-purpose task force aims to conduct research on cyber terrorism risks across the re/insurance industry. Its initial findings will be published in mid-2020.

The launch of this new task force was announced at the IFTRIP 2019 International Conference in Brussels, Belgium. It will be led by Rachel Anne Carter, the Geneva Association’s Director of Cyber, supported by Julian Enoizi, CEO of Pool Re and Christopher Wallace, CEO of Australian Reinsurance Pool Corporation and president of IFTRIP.

Read the press release

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from ILSTV

You have Successfully Subscribed!

Pin It on Pinterest