Cybercrime on the rise

Cyber crimes are becoming a big concern in Canada, with every growth rate breaking records from the previous year. In 2020, CyberEdge Group reported that 78 per cent of Canadian organizations fell victim to cyber-attacks at least once. In 2021, this increased to 85.7 per cent. 

There has been increased awareness calling for cybersecurity investments. Small- and medium-sized businesses continue to be the most compromised of all organizations. In fact, they account for 41 per cent of cyberattacks in 2021, with damages incurring up to $100,000 in costs. 

The Insurance Bureau of Canada (IBC) released a report stating that only half of the affected small business owners said they implemented stronger defenses in cyber protection. And only a quarter (24 per cent) planned to invest in cyber insurance within a year. 

Cybercrime means identity and corporate theft, loss of staff and customer sensitive information, disabled servers and disruption of trades. And large financial losses potentially leading to bankruptcy. In a few seconds, your business could disappear.

Aside from recovering lost data, the costs of repairing are crippling. Some costs may include quarantining infected software and hardware, repairing or replacing infected systems and implementing stronger security.

As cybersecurity technology advances, so, too, do cybercriminals’ innovative tactics. Understanding cybersecurity and the ways a cybercriminal can compromise your system is the first step in developing a prevention strategy.

What is cybersecurity?

Cybersecurity is the prevention and protection of equipment, networks, software and data of an individual/organization through various security layers. Many programs such as Kaspersky Internet Security offer these multi-layered services. These services provide protection of email spam, malware, phishing, hacking attempts and data leaks.

But a comprehensive security strategy for a company must cover all parties concerned. All employees who work with technology must receive cybersecurity training and participate in the company’s security prevention strategy. They must also  understand the resources available to them for self-defense. Investments in IT support, experts and cybersecurity programs greatly  improve the effectiveness of security measures.

Common types of cybercrime


Malware is designed to gain unauthorized access to a system and disrupt it by modifying, destroying, blocking or rendering data. It can also significantly affect the performance of the system. Examples of malware include worms, trojan viruses, spyware and adware. 


Phishing is a common counterfeit communication operation. It can be found through emails or text messages that appear to be from a credible source. Cybercriminals often manipulate vulnerable people into clicking their links using emotional strategies like fear, curiosity or greed. Once a link is accessed, private data is stolen.


Ransomware is one of the most significant threats to businesses globally. It encrypts sensitive data until a specific ransom in Canadian dollars, bitcoin or cryptocurrency is paid. In some cases, this data is not recovered and is completely deleted by the cybercriminal. More people began to work from home in recent years. This has sparked more opportunities for online criminals to target small businesses.

Disrupted denial of service (DDoS)

A DDoS assault disrupts the traffic of a business server, service or network. It does so by flooding it with so much malicious internet traffic that the server crashes. A cybercriminal accomplishes this by creating hundreds to thousands of “botnets”. These make up a literal army of infected devices that cooperate under the criminal’s command.

Incident response plan

Often, in the unfortunate event that a data breach does occur, if there is no incident response plan laid out for all staff to use, panic can quickly ensue. The Canadian Centre for Cyber Security recommends that staff always have a written response plan on hand. This ensures that a productive response is carried out without incident.

Each response will vary based on the incident of each business. They claim the incident response plan should at least stick to the PICERL process:


Identify the first steps employees should take when a potential incident has occurred. Examples include evaluating risk assessment, information on symptoms of a data breach and assigning specific roles to every employee. As well as contacting professional staff or affiliated businesses as soon as possible.


Outline how your organization will identify and detect an incident. As evidence of a data breach, this phase requires all data available for access. This can include log files, error messages, intrusion detection system reports and firewalls to be documented. Assess the severity of the breach and track down the source.


Outline the unique actions your organization must take to prevent further damage from occurring and shut down necessary devices. Some steps could be: change all passwords while documenting old ones and contact all potential at-risk individuals and your bank. Then, disable remote open access on the internet until the malware has been eradicated.


Provide instructions on how your staff can remove and restore infected systems. This can be as simple as disconnecting infected devices and wiping out the virus with an antimalware program. This may require more complex steps, which all IT professionals must conduct.


Specific staff should be instructed on how to restore backup data and replace or wipe data storage drives. IDS systems also proposes activating a cloud-based replica of your entire network. It could save your whole business by allowing operations to continue while investigations continue.

Lessons learned—make sure it doesn’t happen again!

This may be the last step, but keep in mind that it should always be first in your prevention plan. Take inventory and understand how the incident occurred in full transparency with your team. Then, evaluate your incident response plan to see if there could be additional improvements.

Even with the most advanced security measures, human error will continue to pose a serious threat to your business. Your employees are your greatest asset and greatest responsibility. As a leader, you cannot hold people responsible for future mistakes if you do not prioritize safety via education. Short-term cybersecurity training can save you from long-term damage.

Leave a Reply

Your email address will not be published. Required fields are marked *