Tag Archive for: MediumSized

Only 34% of small and medium-sized business employees report receiving mandatory cyber security awareness training


 New IBC report card shows there is room for improvement in cyber security awareness

TORONTO, Sept. 22, 2022 /CNW/ – New Insurance Bureau of Canada (IBC) research has found that small and medium-sized Canadian businesses have been slow to adapt to increasingly frequent and sophisticated cyber attacks. The results are featured in IBC’s first Cyber Savvy Report Card, which assigned Canadians a “C” letter-grade for cyber safety actions and knowledge.

IBC’s report card is informed by the results of a survey of 1,525 Canadians that work at small and medium-sized businesses (defined as businesses with fewer than 500 employees). The survey revealed a number of startling findings:

  • Two-in-five of employees surveyed (42%) say they have seen an increase in cyber scam attempts over the last year.
  • Only a third of surveyed employees (34%) report that their company provides mandatory cyber security awareness training.
  • Only half (50%) of employees surveyed report that their organization has introduced multi-factor authentication, a critical cyber security defence mechanism that requires a user to provide two or more verification factors to access a corporate network or application.
  • Only a quarter of employees surveyed (24%) report that their employer conducts phishing email simulations to help promote cyber vigilance.

“As cyber criminals get savvier, it’s our collective responsibility to stay one step ahead,” said Celyeste Power, Executive Vice-President, Strategic Initiatives and Advocacy, IBC. “That’s why IBC has launched cybersavvycanada.ca, a new cyber education initiative to help small business owners and their employees better understand the threat of cyber attacks and what they can do to reduce their risk.”

Employees’ actions increase their company’s cyber security risk

IBC’s survey also revealed that 7 in 10 employees of small and medium-sized businesses (72%) reported at least one behaviour that could allow a cyber criminal to gain access to their company’s computer systems. This strengthens the argument for more employers to take action to reduce cyber threats. According to survey respondents:

  • 27% use one password to access multiple websites they use for work;
  • 23% access public…

Source…

Why Small and Medium-Sized Professional Service Firms Are a Big Target for Ransomware Attacks


If you focus only on the headlines, even in the specialist tech press, you’d be forgiven for thinking that ransomware attacks were mainly a problem for larger businesses and institutions. Those incidents which make the news tend to feature attention-grabbing numbers. These can be either in the size of ransoms demanded or the costs of restoration and recovery. Another type of attack that will always get in the news, would be related to vital services – the hospitals, schools, police departments, or other government services – whose disruption is likely to cause widespread concern. When a major bank, tech firm, logistics or telecoms provider, or well-known institution is knocked offline for days at a time, it tends to make the news.

At the other end of the scale are the individuals, and perhaps micro-businesses, hit by entirely automated malware infections. In these cases, mostly ultimately traceable to a spam email, or malicious advertisement in a video game, someone’s personal PC or laptop has been locked up and cherished photos, a draft of a novel or list of local customers is leveraged to extort a few hundred dollars in Bitcoin. 

For much of the history of the ransomware threat, these have been the bulk of the victims, and the topic of most of the scare stories, at least until the rise of cloud services and automated duplication of data across devices gave us all an easy way to back up our data. But in between these two, there is another group which gets far less attention than it should – small to medium-sized businesses, many of them providing professional services such as legal or financial advice. Small businesses are the largest employer in the US, and make up the foundation of the US economy.  The impact prevalence of ransomware on this industry segment stands out from other industries.

Ransomware Stats for Small and Medium-Sized Businesses

Coveware’s latest set of statistics from Q3 of 2020 show that more than 70% of ransomware incidents were companies with fewer than 1,000 employees, and 60% had revenues of less than $50 million. Looking at the breakdown by industry sector, more than a quarter of companies are in the professional services category, by…

Source…