Is your small business vulnerable to a cyber attack? Ottawa cybersecurity experts say the answer is probably “yes.”
Already an Insider? Log in
Get Instant Access to This Article
Become an Ottawa Business Journal Insider and get immediate access to all of our Insider-only content and much more.
- Critical Ottawa business news and analysis updated daily.
- Immediate access to all Insider-only content on our website.
- 4 issues per year of the Ottawa Business Journal magazine.
- Special bonus issues like the Ottawa Book of Lists.
- Discounted registration for OBJ’s in-person events.
Click here to purchase a paywall bypass link for this article.
Is your small business vulnerable to a cyber attack? Ottawa cybersecurity experts say the answer is probably “yes.”
Nowadays, everything is reliant on the internet, according to Guy-Vincent Jourdan, an engineering professor and co-director of the new uOttawa-IBM Cyber Range training facility.
“Do you have a landline? Most businesses don’t either,” said Jourdan. “They probably don’t deal with cash anymore. We as a society are moving towards dependencies on this type of technology. If the internet goes down, we cannot operate. Even our thermostats can be attacked.”
Opened in October, the Cyber Range is a top-of-the-line facility on uOttawa’s main campus that immerses trainees in an interactive cyberattack simulation to teach them how to respond in a real-life scenario.
While the facility offers more technical training for cybersecurity students and experts, it also will soon start working with businesses and government organizations to help everyday employees understand how cybercriminals work and what they can do when a security breach occurs.
Keeping up to date with current cyber-risks has become increasingly important, he said, especially as an increase in remote work since the pandemic has accelerated the challenges.
“Almost everyone is moving part or all of their operation to the cloud,” said Jourdan. “I’m not shaming anyone: it’s a lot easier, you can do a lot of things better, and it might be cheaper. But in terms of exposure now, all of a sudden, you don’t own anything. It’s outside and it can be attacked.”
For small and medium-sized businesses, there’s an added layer of concern, said Paul Vallee, founder and CEO of Kanata cybersecurity platform Tehama, which provides an all-in security solution for hybrid and remote workplaces.
“Cybercriminals target the lowest-hanging fruit,” he said. “They’re going to target what’s easy. Since the pandemic, large enterprises have really elevated their game. They’ve adopted a lot of cybersecurity technologies and adapted their overall security posture. That means medium-sized enterprises are now becoming the targets of choice. They don’t have the scale or bandwidth to keep up.”
Microsoft’s Digital Defence Report for 2023 also found that the most targeted sectors last year were those with the fewest resources, including the education and non-profit sectors.
“They’re hitting us where we’re weakest,” he said. “They’re not going after the financial sector anymore.”
When it comes to fending off cyberattacks, awareness is an important first step, according to Scott Wright, CEO of Click Armor, an Ottawa-based company that does security awareness training for employees using a gamified platform.
“Especially for small and medium businesses,” he said. “They don’t always have the budget for advanced security technologies like large enterprises do. It turns out the employees are really the first and last line of defence.”
While many SMEs have basic password protection and firewalls in place, it can be easy for attackers to get around those if the business’s employees lack training.
“Anywhere from 85 to 95 per cent of cyber attacks involve employee decisions at one point or another,” said Wright. “Whether they’ve clicked a phishing link, or provided information through a social engineering call or text message. When you’re managing risks, what you really want is to understand the most likely things people are being targeted with.”
Phishing attacks are among the most common and often originate from employee error. With a click of a link, employees can unintentionally introduce malware into a network, leaving it vulnerable to a ransomware attack, where valuable data is stolen and encrypted until the business offers up a hefty payment.
According to Wright, it’s vital to stress the importance of cybersecurity to employees, and that starts from the top down.
“The whole security culture is guided by the top-level behaviour,” he said. “If management doesn’t think it applies to them, people are going to see that and act the same way.”