Nearly one-third of Canadian companies surveyed say their staff have been suckered by phishing email; jail time for a U.S. hacker for hire; and why spelling mistakes can be costly.
Email phishing campaigns are a big problem, with people clicking on malicious links and opening malicious documents every day. How bad is it in Canada? According to a survey of businesses that use the .ca domain by the Canadian Internet Registry Authority (CIRA), 32 per cent of respondents said users at their firms had unwittingly divulged information after falling for phishing tactics.
In an interview, Dave Chiswell, CIRA’s vice-president of products, said the number shows security awareness training and defence in depth are still needed in many organizations. “There’s a game of cat-and-mouse out there. As people up their cyber security protection the bad guys up their ability to infiltrate and manipulate information in loopholes.”
Nineteen per cent of respondents also said their companies had been hit by ransomware. That’s a “fairly high number,” said Chiswell, who expected the number would be lower. Most respondents to CIRA surveys are small and mid-sized businesses, so the authority believes these results show that firms of this size are being increasingly hit with ransomware.
Seventeen per cent said their organization had experienced between one and three denial of service attacks, three per cent had experienced between three and 10 attacks, and two per cent had experienced more than 10 attacks.
CIRA governs the use of the .ca domain. The survey covered 1,985 Canadians who own at least one .ca domain registered to either a business or an institution.
Every once in a while police get the bad guys. Last week a Chicago judge sentenced Zachary Buchta to three months in prison for his role in a “hacker-for-hire” service called Lizard Squad. It shut down company websites and harassed thousands of people around the world, the Chicago Tribune reported.
Buchta and a co-defendant who lived in the Netherlands operated websites that enabled paying customers to select victims to receive repeated harassing phone calls from spoofed numbers. That unnamed co-defendant was prosecuted by Dutch authorities.
Buchta, 20, pleaded guilty last December to one count of conspiracy to commit damage to protected computers. As part of his plea deal, he has to pay $350,000 in restitution to two online gambling companies that were victimized.
Finally, it’s easy to make a mistake when you’re typing the name of a web site you’re going to. But security reporter Brian Krebs reminds us a typo could be costly. For example, typing .cm instead of .com could take you to a malicious web site.
Taking advantage of typing mistakes in a company name is called typosquatting. It’s as old as the Internet. It’s remarkable, writes Krebs, that so many huge corporate brand names aren’t doing more to police their trademarks and to prevent would-be visitors from falling victim to such traps. Companies can complain to the World Intellectual Property Office and take control over a disputed domain name.
As for users, bookmark the sites you visit most rather than type their names in a browser. And when you do type a name, do it slowly.
Cyber Security Today is produced by IT World Canada.