Cyberbreaches Can Be Better Controlled Through Reporting

These are strange times in Canada – and around the world. Not only is it the first pandemic many of us have seen (and hopefully the only one we will see) in our lifetimes, but the digital world is growing exponentially as well.

While there are other factors that are shifting and changing around us, the interesting thing about these two things (the pandemic and the digital world) is that they are moving hand-in-hand. As people spend more time at home, their reliance on electronic connectivity increases. It’s been a boom for businesses in the digital space, but it’s also been a major opportunity for cyber criminals.

According to Cyber Security Team’s Guide: Balancing Risk, Security and Productivity, cybersecurity training for employees is falling short with only 44% receiving training in the past year. The same study notes that three in 10 employees don’t have a problem with leaving their work-issued devices unlocked and accessible to other members of their household. Consumer Trends report in Q1 of 2021 noted that 37% of US consumers said their online spending had increased over the last three months.

The Need for Cybersecurity Professionals

What all this means is that there is an ongoing and increasing need for individuals with cybersecurity training. These people are needed at an organization-level in greater numbers to help keep cybersecurity issues at bay. This isn’t just a matter of IT know-how. Cybersecurity is a specific and unique part of IT and the need is growing exponentially, Unfortunately, numbers of trained professionals haven’t kept pace – there is a constant need for more people trained in cybersecurity in courses including A+ training, secuity+ training, network+ training, and CySA+ training.

Having greater numbers of trained professionals not only helps protect the organization and its reputation, it also helps to protect the consumer who will inherently destroy an organization’s reputation if a cyber attack occurs. Think of how consumers respond when a breach occurs. They aren’t understanding – it’s their personal information! So, their response is swift and brutal. Prevention is the key.

Reporting of Cyberbreaches

Even those who haven’t taken cybersecurity courses play a role. Whether that’s employees within an organization who unwittingly create an opening to attacks or consumers who leave themselves at risk, breaches should be reported.

The government of Canada takes cybersecurity seriously and notes that organizations have a mandatory duty to report breaches that: involve personal information that pose a real risk of significant harm. Organizations must also notify impacted individuals and keep records of all breaches.

But don’t panic! Obviously having a cybersecurity breach is stressful as it is but wondering if you need to report it can add to that stress. Fortunately, the government site outlines what organizations and individuals need to know about reporting a breach.

What Does PIPEDA Have to do with it?

Years ago, in 2000, PIPEDA (the Personal Information Protection and Electronic Documents Act) was enacted and how personal information was used and disclosed in Canada became more heavily managed. If an organization in any way is responsible for personal information being breached, they have to obey the rules created under the ACT to protect the information they collect.

While PIPEDA is a nation-wide act, some provinces, like BC, have similar laws that allow organizations to be exempt from PIPEDA. The point to note here is that the laws are substantially similar, so while an organization isn’t always subject to PIPEDA, they will be subject to a number of regulations that are very similar.

Ultimately, reporting of breaches is about whether there is a real risk of significant harm resulting from the breach to any single person. One person or thousands isn’t the point – it’s any single person who has had their information breached. Organizations, therefore, need to be very careful about their management of personal information. It’s essential to understand the responsibilities of an organization while also working to prevent any security breaches that may occur.

What About Individuals?

While there isn’t a requirement for individuals to report cybersecurity issues, taking the time to note these incidents helps everyone. Reporting starts at the Canadian Centre for Cyber Security Report a Cyber Incident page where people can select the type of cybercrime they have experienced and report it.

As Canadians continue to make use of electronics and digital connectivity, their risk of cyber security incidents will rise. Organizations and individuals are at risk and they can report what happens so that all Canadians are working together to help improve the protection from cyber attacks. 


Written by Ronda Payne

Comments

Post a Comment

Popular posts from this blog

What is Ethical Hacking?

Quite often, information security professionals are required to have CEH certification, which means they have the knowledge of ethical hacking and are able to perform it as part of their work responsibilities. Ethical hacking, which is also referred to as penetration testing or intrusion testing, is an essential part of assessing the vulnerability and weakness of computers, networks and information systems. As a result of ethical hacking, security specialists identify the risks of real attacks and take measures to protect the organizations they work for. It is recommended that IT specialists take a certified ethical hacker course to understand the procedures of ethical hacking and the instruments they are allowed to use. They should adopt the mindset of a hacker for the duration of the penetration test and find out the answers to the following crucial questions: 1.        What can the possible attacker gain access to? What information or system is the most vulnerable and should
Read more

Why The CISSP Exam Changes

Image
If you’re looking to become a certified information systems security professional you need to get your CISSP Certification. In order to get your CISSP Certification, you need to take the CISSP exam. Before you take the exam, you need to get CISSP training, like the (ISC) 2 accredited CISSP exam prep course offered at TechnoEdge.   If you’ve been looking into taking the exam you may have noticed a recent announcement that the exam will be updated and changed in 2021. The CISSP exam is actually updated on a fairly regular basis. Typically, each update happens 3 years after the last. The CISSP has seen updates in 2012, 2015, and 2018. This may seem unusual, but there’s good reason for keeping the exam updated regularly.   A Rapidly Changing Profession Certified information systems security professionals are based in the technology sector, and the tools and knowledge required to perform their job are constantly changing and evolving. By updating the exam on a regular basis, the CISS
Read more

How to Get a Cybersecurity Job

Image
Cybersecurity is a booming industry and one of the best ways to get involved in the tech sector. There are hundreds of thousands of openings in cybersecurity with almost as many job titles to choose from. Ethical hackers, IT security managers, network security specialists, incident responders, and so many other positions are all viable options for a cybersecurity career. To help set you on the path to an exciting career in cybersecurity, we’re going to go over how you can find a job in the industry, and what you’ll need to stand out in the job market. Take Stock of What You Know If you’re already in IT and looking to specialize in cybersecurity, you can use your current skills to narrow down what role you’ll play in cybersecurity. If you’re skilled at writing and understanding code then you’ll be able to identify and protect against malicious code. You could even build on that existing skill by taking an ethical hacking course, like the one offered at TechnoEdge. Even if you do
Read more