Cyber Security and the Increasing Risk to Business
Even those of us not directly involved in IT can identify the growing trend in cyber attacks and increased risk to the business. A brief review of media articles on the subject alone indicates that we are facing unprecedented and increasing threat levels from ransomware, phishing, DDoS, data theft, data leaks, and other cyber attacks. Even as I write this, I am following reports of a massive ransomware attack on AIIMS (a health services group in India) where personal and billing information of thousands of patients has been encrypted and held for ransom.
In Canada, cyber security laws and the responsibilities of businesses to take action to protect information are changing to keep pace with attacks. Even with only 80% of attacks being reported to the Office of the Privacy Commissioner, we can see from the graph below (Illustration A) that cyber security is a growing threat. Changes in regulations, insurance requirements and law are already being discussed, and Quebec’s new PPIPS law (September 2022) imposes mandatory reporting of cyber breaches. Insurance companies are asking for detailed cybersecurity policies before considering premium rates. Business-to-business contracts routinely require proof of data protection.
Illustration A – Cyber Breaches reported to the OPC
(Statistics from the Office of the Privacy Commissioner)
There is little doubt that system security is no longer only the concern of your IT team. Cybersecurity is an organizational risk and needs to be evaluated at all levels of business operations.
At Utility Safety Partners, we have taken steps to protect the data that we keep on behalf of members and system users. In addition to the basic system protection of firewalls, encryption, and password-protected access, we are working with our IT providers to develop a robust and comprehensive cybersecurity plan. Our first step is a comprehensive data plan that identifies critical data within our system and develops layered security that provides increased security where critical data is stored. We are building out our Incident Response plan to ensure that if an attack occurs, we have a set of actions to recover the data and resume normal operation, communicate with affected stakeholders, and analyze the breach to close the gaps and prevent a reoccurrence. We are reviewing the cybersecurity and response plans of all vendors we contract with to make sure that our data is secure and software vulnerabilities are addressed. We are providing our employees and users with education and training to understand their role in protecting our systems from outside attacks. We have recently introduced multiple tools to increase our security, like multifactor authentication, a password creation and storage program, and single sign-on access to all software.
As the world becomes more virtual, and our systems rely on electronic access to data and documents, Utility Safety Partners is committed to being a prevention-focused and forward-looking organization. The protection of our stakeholders’ personal information and critical data is a responsibility we take seriously.
If you have questions about USP’s cybersecurity measures, email info@utilitysafety.ca and write “Cyber Security” in the subject line.
Author - Sher Kirk
Operations Director, Utility Safety Partners