“Although 68% of Canadian businesses surveyed acknowledge the importance of implementing data governance processes, a significant number have yet to formalize these measures,” states Steve Small, Director of Sales at Blair Technology Solutions (NOVIPRO's sister company).
He further notes that many organizations fail to fully consider both the immediate and long-term consequences of a security breach. “The financial, reputational, and operational implications are often underestimated,” he adds.
Roger Ouellet, Director of Security Practice at NOVIPRO, emphasizes that addressing cybersecurity challenges requires more than just IT department involvement: “Cybersecurity should be viewed as a strategic business decision, yet there is frequently insufficient engagement from leadership and other key departments.”
Buy-in and Collaboration are Essential
What strengthens an organization’s defense against cyber threats? It requires buy-in and collaboration across all business units, from marketing to finance to human resources, working in close partnership with the IT department.
“As part of a business impact analysis, we engage with each department to understand their specific needs. We ask what assets need protection and where vulnerabilities may exist. This information is then mapped to IT requirements,” explains Mr. Ouellet.
The IT Trends Report reveals that 91% of respondents express confidence in their IT teams' ability to manage security. However, the report also cautions that this confidence may be misplaced, given the overall lack of investment in cybersecurity training, solutions, and insurance.
The survey further indicates that 21% of respondents have experienced a cyber threat. While this figure may seem low, the report suggests that it could be an underestimation, as companies may underreport incidents due to reputational concerns or may remain unaware of breaches that go undetected for extended periods.
This underscores the reality that cyberattacks can originate from a variety of sources. According to the IBM X-Force Threat Intelligence Index 2024, “Cybercriminals are increasingly leveraging valid accounts to access networks, rather than relying on traditional hacking methods.” This method emerged as the most common entry point into victims' environments last year.
“Cybercriminals are exploiting pilfered login details, emails and other personally identifiable information to gain unauthorized access to confidential data, and exploiting generative AI to fabricate convincing fake identities to mislead unsuspecting victims,” says Chris Sicard, IBM Canada’s Security Consulting & Delivery Leader.
He further highlights that AI is also playing a crucial role in combating cybercrime. “By leveraging AI-driven solutions, both individuals and organizations can enhance their cybersecurity frameworks and better protect sensitive information from cybercriminals seeking to steal data.”
Even Trusted Employees Require Ongoing Training
With cybercriminals increasingly accessing valuable data through legitimate channels rather than infiltrating systems directly, “It is essential to ensure that employees know how to secure their access points,” emphasizes Mr. Ouellet.
According to the IT Trends Report, 91% of Canadian businesses express confidence in their IT teams’ ability to manage security. However, as demonstrated by IBM X-Force, cybercriminals often bypass these defenses by exploiting valid accounts to gain entry. Consequently, organizations must ask: Are all employees adequately trained to protect the organization?
Mr. Ouellet advocates for the implementation of a zero-trust network access model, which mandates authentication for any remote access by employees.
Employees also represent a significant vulnerability in terms of access to a company’s most sensitive information. The IT Trends Report from NOVIPRO Group reveals that 40% of cyber threats are attributed to malicious internal actors.
“There is a prevailing misconception that threats are only posed by external entities through ransomware, phishing, or spear-phishing attacks,” notes Mr. Small. “It is crucial to train and monitor employees who have access to sensitive data and to establish stringent security measures to safeguard this information.”
Practice the Plan
In addition to securing data and training employees, what constitutes a best practices strategy for cybersecurity? Organizations must regularly run through incident scenarios to ensure that all stakeholders are well-prepared to respond effectively before, during, and after an attack.
“Incident response planning is essential. It’s not sufficient to merely have a plan in place; organizations must practice the plan and continually incorporate the lessons learned from each exercise,” asserts Mr. Ouellet.
In the ever-evolving digital landscape, threats are constantly changing. Therefore, companies must adopt proactive measures to stay ahead, including the development of a comprehensive Business Continuity Plan (BCP). NOVIPRO has developed a resource that outlines the necessary steps for creating an effective BCP.
Mr. Ouellet emphasizes that allocating appropriate time and resources to combat cyberattacks should be a top priority for organizations of all types and sizes.
While the IBM report highlights a significant rise in attacks targeting industrial sectors, particularly manufacturing, the reality is that any organization can be vulnerable.
“Do not assume that being a smaller organization means you are exempt from such threats,” cautions Mr. Ouellet. “It will happen — it’s only a question of when.”