Home Month and Year March 2024 The Risk of Cyberattacks

The Risk of Cyberattacks

Crimes of opportunity


Technology is a spectacular convenience, an infinite source of information and a social game changer. In business, technology is like breathing, blood flow, heartbeats and nerve endings. The critical fact of doing business is also an unavoidable irony; occasionally organizations have challenges working with it but accept the reality that they can’t work without it.

Savvy business leaders acknowledge that, just like technology is an indispensable tool for efficient operations, cybersecurity is business’ vital risk management.

There is business world consensus that while technology is mind-bogglingly efficient, so are the risks and the must have of cyber security. As more and more Edmonton businesses are finding out the hard way, the exciting and limitless possibilities of technology are constantly threatened by hacks, malware, ransomware and other cyber attacks.

“In the Edmonton area, there has been a noticeable increase in ransomware attacks over the past five years,” notes Balaji Selvaraj, director of IT with Edmonton’s Sunco Communication and Installation. “The evolving landscape of cyber threats, as well as the ever-present risks in the digital world, have contributed to this surge.”

He mentions a recent CTV report which showed 1.4 million Albertans having fallen victim to cyber attacks, with the numbers steadily rising. “It’s kind of scary, because many attacks go unreported.”

John Zabiuk, chair of NAIT’s cybersecurity program emphasizes that, “Although information specific to Edmonton is not readily available, globally the number of ransomware attacks has increased 13 per cent over the past few years, according to a recent report by Verizon. By 2031, it is estimated that a ransomware attack will occur every two seconds. Globally, it is frightening, with 73 per cent of businesses have reported being attacked by ransomware over the past two years.”

While hacks are familiar but dreaded facts of technology life with menacing invasions of privacy and identity theft, business cyber attacks are more often malware breaches which steal delicate and confidential company information. Ransomware essentially locks up a company’s operating system until a ransom is paid to unlock it.

“The most common way ransomware infects a device is through phishing emails containing malicious attachments,” he says. “Such emails are designed to trick the user into trying to open the attachment and unwittingly installing the ransomware.”

Cyberattacks. Hacks. Malware. Ransomware. For some businesses, technology is vital but sometimes baffling techspeak that IT people are supposed to deal with. Unfortunately, but understandably, media reports are usually about big-time cyberattacks happening to big-time corporate victims like Suncor, Sobeys, Marriott, Yahoo and Toronto’s Hospital for Sick Children, while independent, small and mid-size businesses opt for the false sense of security that they are too small for a malware or ransomware cyber attack. Big myth.

“Small and midsize businesses (SMBs) face heightened susceptibility to ransomware due to limited resources, inadequate cybersecurity measures and a lack of employee training,” Selvaraj warns. “Their vulnerability is compounded by insufficient backup systems and the misconception that they are unlikely targets. To address these risks, SMBs should prioritize cybersecurity investments, enhance employee training and establish comprehensive incident response and backup strategies.”

Vince Phillips, president and CEO of Edmonton’s Foresight for IT underscores the caution. “In the past five years or so in the Edmonton area, the risk of ransomware attacks has increased but ransomware attacks can be 100 per cent be prevented. What makes Edmonton SMBs susceptible? Innocent ignorance! Most cyber attacks on SMBs are crimes of opportunity. Hackers target the low hanging fruit.

“Small businesses often think that hackers wouldn’t be interested in them because they are small or they believe that just because they have never experienced a cyber crime event, they never will. So, the business chooses to do nothing.”

Selvaraj explains that, while ransomware attacks can occur suddenly without notice, organizations often observe warning signs including unusual network activity, unexpected system behavior, increased phishing attempts and the presence of unknown or unauthorized files.

“By definition, ransomware is a hack,” Phillips says, “but it’s arguably a lazy hack with a high return on investment for the bad guys. Ransomware often takes advantage of a known vulnerability and through automation takes advantage of that vulnerability on a poorly maintained system.”

Zabiuk points out several warning signs that can indicate ransomware is happening or has happened. “Being unable to open files or that an app no longer recognizes the files. The business’ computer may become very slow or unresponsive. A frequent and obvious sign is a popup message that warns about files being encrypted and providing instructions about how to pay the ransom to unlock the system.”

In addition to how and why cyber attacks happen and what and how to effectively react and do something about it, experts strongly emphasize two key aspects about businesses managing cyber security: people and the business’ reputation.

As pointed out, there are several reasons why ransomware attacks are increasing, including the advent of cryptocurrencies making it easier for attackers to receive ransoms anonymously and without the typical transactional traceability present in traditional banking. Cybercriminals are also becoming more and more sophisticated and making use of new attack platforms. Experts stress the importance of educating staff, especially work-from-remote employees.

“Remote workers typically do not have the same level of security on their home network and systems that would exist in the corporate IT environment. Also, they may have other non-work-related software installed on their computer. Both factors can make it easier for a hacker to launch an attack,” says Zabiuk. “Since people working from home behave differently than in an office environment, they feel much more casual and relaxed, letting their guard down about risks and computer security.”

Understandably, most businesses who have been victims of malware or ransomware opt to lay low and minimize damage to the company’s reputation. Especially in today’s digital landscape, a company’s reputation is closely tied to its ability to maintain confidentiality and protect sensitive company and customer information.

Prioritizing cybersecurity measures is critical for businesses to maintain customer trust, avoid negative publicity and minimize the potential reputational damage that can result from a cyberattack. By investing in robust, multi-layered security systems and fostering a culture of cybersecurity awareness, companies can mitigate the risk of cyberattacks but, as with any business risks, there are no guarantees.

“If a business lost information due to a preventable hack, it could significantly erode client and vendor trust, as well as potentially employee trust. More importantly to a business, a cyber security event will impact operations and that has an immediate negative impact on revenue. The long-term impact on revenue will be reputation,” Zabiuk adds.

A key aspect of risk management is prevention. Selvaraj recommends a proactive approach – preventive measures followed by a structured reaction plan. “Preventive measures include regular employee training on cybersecurity awareness, timely software and system updates and a multi-layered security approach.”

Phillips emphasizes that effective prevention starts with awareness and preparation. “Planning for an attack, just like we’ve all planned for fires, is the first step in reacting. The reaction should be planned in a security incidence response of which everyone in the organization is aware, just like a fire escape plan.”