KPMG has published its Cyber Watch Report, which identifies five key cyber security trends impacting Canadian businesses. Increased risks of ransomware and extortion-driven attacks and the rise of the Internet of Things (IoT) are challenging organizations in new ways. These security risks are putting heightened pressure on organizations to protect, detect and respond to new adversaries and threat tactics, while preserving their trust and reputation with customers.
Trends affecting Canadian organizations include:
1. Increase in extortion-driven and ransomware incidents
Cyber criminals will deploy ransomware to infiltrate and encrypt files, devices and networks, then demand payment for their release; or threaten to steal data if payments are not made. Incidents of ransomware and extortion-driven attacks are expected to increase in Canada, particularly within the public, legal and financial services sectors given the private and sensitive nature of the information these organizations hold.
2. Mandatory breach notification
Consumers, governments, privacy commissioners and courts will increasingly pressure Canadian organizations to be more transparent about their cyber security readiness, responsiveness and breach notification protocol.
KPMG anticipates an increase in breach management and notification costs in 2016 due to the Digital Privacy Act's mandatory breach notification requirement. This act will require organizations to notify affected consumers about security breaches that pose a risk of significant harm.
3. Increased risk with use of mobile devices and the growing pervasiveness of the Internet of Things (IoT)
As more players, service providers and third-party suppliers become part of the mobile and IoT ecosystem, these parties may not have completed sufficient security testing. In the absence of generally accepted security standards for these devices, Canadians will start to demand assurances that all suppliers have suitable security and privacy policies and safeguards in place.
4. Greater use of real-time intelligence tools to monitor live attacks
It is imperative that businesses detect threats as early as possible, and disarm them proactively. Real-time intelligence solutions give organizations visibility into global cyber threats as they happen to help block attacks, uncover hidden breaches and track emerging threats. Because speed is of the essence, KPMG believes Canadian organizations will make increasing use of real-time intelligence tools.
5. Greater focus on risks posed by third-party vendors and suppliers
There is no longer a clear delineation between ‘internal’ and ‘external’ threats. As Canadians begin to demand security, privacy and trust assurances, organizations will need guarantees that their third-party suppliers have suitable policies and safeguards in place to prevent cyber incidents.