Companies collect and store mass amounts of data on their users including personal information, credit cards, user habits, preferences, and patterns. Personal data is collected and stored with almost every activity we engage in, whether it be participating in a transaction, visiting a location, sending a message online or, in some cases, even just walking in or around a store.
Big data can be used to make predictions and transactions easier, which, for the most part, improve the user experience and overall productivity of society. Algorithms now know more about what we want than we even know ourselves. I want everyone reading to think about something for a minute: if you aren’t paying for a product, then you are the product. I’m not sure everyone thinks about that when they log into Gmail, Facebook or Linkedin. I am the world’s biggest proponent of going digital and the dramatic benefits it will continue to bring to society from not only an efficiency perspective, but also to reduce barriers, open up opportunities and lift our entire economy and society.
The dark side of the digital world
The scary part of the digital world as we all know is the possibility of critical information getting into the hands of the wrong people. A few examples come easily to mind: Let’s start with the 2015 attack on Sony. This attack released thousands of people’s personal information, along with executives’ email conversations, and demanded that they pull the comedy about North Korea, The Interview. In the end, the attack cost the studio tens of millions of dollars in recovery.
Then, who can forget the attack on Ashley Madison, which released the email addresses of the extra-marital dating site’s 32 million users, causing millions of awkward situations, destroying marriages, and even causing suicides; the aftermath of which is still playing out over a year later, albeit with strong leadership at the helm now.
Other examples include the ironic hacking of Mark Zuckerberg’s social media accounts, the attack on the Democratic Party networks during the 2016 campaign, and the targeting of Oracle MICROS networks, which took control of cash registers across various retailers and gained access to users’ login information. Further, there has been increasing use of ransomware attacks, such as recent attacks on Canadian hospitals and the University of Calgary, which take hold of data and require payment, usually in hard-to-track Bitcoins, before releasing the information back to its owners.
Cybercrime is big business
Let me be clear in saying: cybercrime is big business, and it costs the victims immensely. In a study conducted by the Ponemon Institute, it was estimated that the average cost of a single cyber attack on Canadian businesses was $6.03 million in 2016. This figure is 14 per cent higher than what was estimated in 2015 and seems to be increasing as attacks become more complex. These figures include the estimated costs of losing customers, but I doubt they are able to fully capture the brand and reputational hits companies face depending on severities.
Many organizations don’t realize how vulnerable or unprepared they really are for the increasing sophistication of attacks. In 2015, Deloitte conducted a cyber security survey that found that only nine organizations of the 103 respondents were considered highly secure. Further, the same study found that 68 per cent of organizations would not be in a position to recover quickly if they were to be targeted. Specifically, SMEs are often easier targets because in many cases their defence systems against such attacks are not as developed as in larger businesses. They can also provide an access route to larger business networks, which can provide incentive. StaySafeOnline.org reports that small businesses are victims of 71 per cent of data breaches, and that almost half of Canadian small businesses have been targeted. For small businesses, ensuring security can be expensive and, prior to an intrusion, may not be a complete priority.
Security is crucial
As the world changes and users are making more information available online due to emerging technologies, the importance of keeping this information secure becomes more critical. Ensuring better security within your organization can begin with monitoring your networks, establishing user controls, and ensuring that your employees are trained on password protection, data encryption, and data backups.
Even if you have implemented a successful cyber security policy, the environment is always changing, and companies must be continually improving and adapting their defences. It is, in a sense, an arms race. Or let’s call it a “constant” cat-and-mouse game. This is especially true in the instance of a company that stores large amounts of data online, but should not exclude companies that aren’t based in this type of technology. Canadian companies and companies around the globe must put in significant effort to be aware of their own vulnerabilities and commit to maintaining accountability to their customers. OMX, for instance, has invested heavily in cyber security and is proud to have much higher security levels on many fronts than most online banks.
The transformation and millennials
The reality is that people are becoming more and more in tune with using technology and rely on it heavily. As this transformation occurs, technology is seen much less as a threat and more as a part of everyday life, and as a critical tool to effectively get things done. It just no longer works to manage companies and your own lives manually and not to leverage software, data, and the cloud environment. You know everyone is moving to the cloud when even the federal government moves in that direction. In this changing environment, users become less focused on the potential risks of using certain technologies and more focused on the convenience, ease and efficiency at which they help complete a certain task.
This trend is seen in the way that millennials in particular approach technology and cyber security. Millennials, who are moving up in the workforce, are reported to be significantly less cautious about security. This group has grown up using technology in their everyday lives and arguably know technology best. However, this experience and ease of use has earned their trust, with many not thinking twice about the potential risks or vulnerabilities to which they are exposing themselves (em dash) and in many instances also the companies that they work for.
A study by TrackIt reported that 60 per cent of millennials “aren’t concerned about corporate security when they use personal apps instead of corporate-approved apps.” The same study also found that 70 per cent of millennials have brought outside apps into the workplace in violation of the company’s IT policies. Further research by Softchoice shows that millennials are more likely to use cloud applications such as Dropbox and Google Drive.
Technology tools have enabled individuals and groups to work faster, collaborate easier, have more access to vast amounts of information, and have empowered people to learn and become more prosperous. These are all fantastic benefits that have had large, overly positive impacts on society. However, cyber security is key in balancing how to protect this ability without going too far and compromising the freedom, openness, and ease of use of these technologies. I believe future wars will be fought very much online. The modern day enigma equivalent will be a hackathon with a thousand 20-year-olds breaking into our digital worlds – the worlds that will matter to us most on all fronts.
What the experts say
As usual, I surveyed a few Canadian experts on cyber security to learn more about what they feel are the biggest risks, and how their technologies can help keep companies secure.
The first expert that I spoke with was Jeff Joyce from Critical Systems Labs Inc. (CSL), a Canadian-owned engineering consultancy that provides a uniquely integrated approach to cyber security in managing risk for complex software-intensive systems across a variety of technologically advanced domains, including aerospace, defence, automotive, maritime, energy, medical technologies and rail signalling. “Cyber threats are increasing in number, complexity and sophistication,” Joyce said. “Increasing dependence on software automation, remote operation, and interconnection of ‘smart’ systems are among the technology trends that heighten exposure to cyber security threats for critical systems and networks.” Joyce went on to add, “Media has reported cyber attacks on automobiles that have compromised the functionality of critical systems such as braking and propulsion. These reports closely coincide with deep concerns in aerospace, defence and other industries that the disciplines of safety engineering and cyber security engineering are not currently integrating their respective activities.”
Another company, RANK, brings big data technology into the cyber security realm. RANK’s threat detection platform, VASA, revolutionizes cyber security response through a unique collaborative discovery process that enables discovery of both known and unknown threats and enables rapid response. Combining big data technologies, machine learning and proprietary algorithms, RANK’s user and entity behavior platform helps discover insightful information and actionable intelligence around insider threats, targeted attacks, and other vulnerabilities. The VASA visualization is specifically designed to aid the security analyst to drill down on detected threats and hunt for other anomalies in their network.
I was also able to talk to Alastair Sweeny from Waterloo-based Kryptera. He said that “Kryptera addresses a major concern for companies today – the theft of private data, corporate communications or intellectual property by insiders, employees or contractors. Companies can spend millions on securing their servers with monitoring software and malware protection, but they still run a major risk of being robbed due to software vulnerabilities, phishing or employee incompetence. Most large operations also have massive digital archives that they do not have a real handle on. Copies of files are scattered across countless computers connected to their networks. Cleaning up this mess can be too expensive or too huge to handle. We designed our flagship product, the Kryptera Enterprise Server (KES), to meet these challenges head on.” KES Resides on your private network and immunizes valuable files against cybercrime with the hardest encryption on the market, which according to Sweeny “rapidly mass encrypts and decrypts files, efficiently and with the need for passwords, turning what could be a nightmare into a manageable task (em dash) a serious security problem into a bulletproof solution.”
Halifax-based QRA Corp builds advanced analysis tools that significantly decrease the cost, time, and effort required to verify early-stage designs of safety-critical, cyber-physical systems. I spoke with Jordan Kyriakidis, QRA Corp CEO, about his opinions on cyber security and new technologies: “The biggest risks surrounding cyber security stem from the exponential increase in complexity of integrated and interconnected cyber systems. Although tools and methods exist to analyse and probe individual sub-systems (that is, systems with only a few basic functions), vulnerabilities become extremely difficult to assess as these sub-systems become integrated into increasingly larger and multi-operative systems. Furthermore, although cutting-edge computational technologies are enabling the development of smarter and more powerful integrated systems, these same technologies also allow those with malicious intent to more rapidly infiltrate and threaten these systems. QRA’s natural language analysis tool, QVscribe, and systems analysis tool, QVtrace, aim to help domain experts rapidly hone in on potential errors early on, find vulnerabilities, and increase confidence in cyber systems.”
As the technology environment changes and systems become more complex and integrated, Canadian businesses should be aware of where their vulnerabilities lie and identify the necessary technologies to protect these gaps. This need creates an area where Canadian innovations can really prosper, and I am proud that the Canadian government is also highlighting it as a target investment sector.