What you need to know about the cyber threat landscape

What you need to know about the cyber threat landscape | Insurance Business Canada

Cyber

What you need to know about the cyber threat landscape

Expert highlights evolving nature of cyber risks

The past year saw several Canadian organizations making headlines after being targeted by cyber attacks.  

Calgary-based Suncor Energy is among the most recent victims of such attacks. In late June, many of its Petro-Canada sites had been unable to process credit or debit payments following a network disruption caused by the breach.  

There was also the widespread data hack that impacted thousands of Nova Scotians when a Russian-affiliated cybercriminal group attacked the MOVEit file transfer service used by government agencies.  

Considering this threat landscape, Michael McCallum of AXIS Insurance highlighted the growing demand for cyber insurance and how this has pushed the market to become more competitive.  

In a recent interview with IBTV, the cyber underwriting leader commented on the market’s increased capacity. This growth should be driven by a commitment to improving cyber as a “specialty product that requires specialty expertise.” 

The need for specialty expertise is particularly crucial as threat actors continuously refine their methods, McCallum said, pointing to ransomware as the top threat businesses must look for.  

“It’s evolved from simply a threat,” he said. “Actor encrypts data for extortion, for a payment, and it’s moved to more of a form of double extortion, where not only can they encrypt the info, but they’re also exfiltrating the information and now control it.” 

To mitigate these risks, McCallum stressed the importance of ongoing employee cybersecurity awareness training, calling it the “best first line of defense.”  

“Businesses can educate their employees not only how to spot phishing attempts, but also on general cyber security concerns and trends,” he said. “I think that really goes a long way. 

Other measures that McCallum said are necessary for “good cybersecurity posture” include:

Implementing multifactor authentication.
Maintaining regular data backups.
Applying critical software security patches at regular intervals. 

“The key thing is to make sure that it’s ongoing and embedded within the company,” he added. 

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!