11/16/2016 12:06 EST | Updated 11/16/2016 12:06 EST

From Corporations To SMBs, Cybercriminals Don't Discriminate

Frustrated businessman with head in hands at desk
Tom Merton via Getty Images
Frustrated businessman with head in hands at desk

It's no longer just big-name companies that have to brace for cyberattacks. We're living in a new era of threat, where all Canadian businesses -- no matter how large or small -- are susceptible to malicious attacks. The question is no longer if your company will be breached, but when.

From strange data transfers to unknown IP connections, Canadian businesses are constantly being probed by cybercriminals. And the modern threat landscape is too advanced and fast-moving for traditional security systems to monitor every potential threat.

The results are predictable. A 2016 study found that over half of cyber-attacks on Canadian businesses succeed, and cyber-attacks are on the rise with a 17 per cent increase last year. Facing near-ubiquitous threats, large-scale hacks in the same vein as Ashley Madison and Goldcorp seem almost inevitable.

But while data breaches and defaced websites dominate the news, a more sophisticated kind of attack is surging in Canada. Ransomware is an automated attack capable of encrypting an entire network in a matter of minutes. The only way to regain access is to pay a ransom for the decryption key. But even when the company pays the fee, the attacker may provide the wrong key, in which case the files become permanently locked in cyberspace.

Sometimes, though, attackers on the outside are the least of a company's problem.

A recent survey found that 35 per cent of Canadian businesses have been attacked by ransomware in the past year, three-quarters of which were forced to pay ransoms from $1,000 to $50,000. That isn't counting the cost of network downtime, which can take weeks and serious manpower to get back up-and-running.

Smaller businesses are particularly vulnerable to ransomware attacks. They often can't afford to go without their network data for long, so they pay the ransom. Even hospitals aren't immune. In March, Ottawa Hospital got infected with ransomware, and they only avoided paying the ransom by catching the malware at an extremely early stage.

Sometimes, though, attackers on the outside are the least of a company's problem. Insider threats pose a huge and underestimated risk to Canadian businesses. Cyber-attacks often prey on fallible employees with clever social engineering attacks. By sending corrupt hyperlinks or fake files from a legitimate email, attackers can trick employees into giving them network access. All it takes is one wrong click for an entire network to be taken down. And it's not just corporations that are threatened by social engineering attacks. Last year, 43 per cent of phishing campaigns targeted small businesses.

With an advanced threat landscape that doesn't discriminate hospitals from corporate giants, how can companies begin to keep their networks safe? The first step is to realize that the traditional approach to cyber security is outdated. Traditional security solutions are pre-programmed to stop only certain attacks under certain circumstances. But with such varied attacks launching against such diverse targets, the security solution for the future can't make any assumptions.

The introduction of unsupervised machine learning represents a paradigm shift in cybersecurity. This novel approach doesn't rely on knowledge of past attacks. Rather, it harnesses probabilistic behavioural models to detect anomalies and emerging cyber-threats of all kinds. This self-learning technology is capable of mimicking the human immune system to learn the unique "pattern of life" for a network, built from the raw traffic of every network, device and user in an organization.

An automated approach scales to businesses of all sizes, protecting multi-national corporations and small-town hospitals alike. By leveraging ground-breaking advances in Bayesian mathematics, unsupervised machine learning is capable of detecting ransomware, phishing attacks, data breaches and the dreaded "unknown unknowns," all because of its self-learning, signature-less approach.

If anything, the modern threat landscape encourages attacks on small, vulnerable businesses. And 60 per cent of the time, those small businesses will go under within six months of a cyber-attack. So while massive data breaches dominate the news, they only scratch the surface. In an age of relentless, automated attacks, where every business holds commercially valuable information, no company is safe.

Follow HuffPost Canada Blogs on Facebook

Also on HuffPost:

Celebritries With Hacked/Leaked Photos