The Digital Privacy Act (DPA), passed in June 2015, was an official announcement by the Canadian federal government that cyber-security had crossed over into crisis territory. The legislation was passed to counter the growing assault on the security and privacy of companies, and in a practical sense on the citizens whose data is “out there” on company servers. The Act requires companies to:
- Report any security breaches involving private information to Canada’s Privacy Commissioner
- Maintain records of all security breaches
- Notify individuals that, due to a breach, they are exposed to significant harm
The DPA gives the Privacy Commissioner the power to audit organizations and, if any are found to be non-compliant, to impose fines.
Rising to the challenge
Many Canadian companies have been devoting resources to assessing their security knowledge, technical capability, and readiness to meet the standards set out by the DPA, and to steer clear of the negative consequences of being deemed non-compliant. Unfortunately, not everyone has responded adequately to the rising threat.
“Many companies continue to rely on the security they have always had in place,” said Ajay Sood, Vice-President and GM of the Symantec Corporation. “What this means is that that they are not evolving. While they may retain a vigilant security posture, they are not doing everything they can to keep their risk of breach low. In this is the difference between vigilance and effectiveness, or, in the context of the DPA, security compliance in the mobile and cloud era.”
That the internet has always been a kind of Wild West, a place where bad actors with sufficient cunning and motivation can prosper is a given. But things are approaching boiling point:
- Thirty-six per cent of Canadian organizations know that their data has been breached at least once over the past year (leaving aside those companies that were hacked but don’t know it).
- Since 2014, cyber-attacks against small- and medium-sized businesses has risen by 44 per cent
- The cost of a data breach in Canada rose to $6.03 million in 2016
People, processes & tech
The explosion of the Internet of Things, with its millions of connected devices, has gifted hackers with countless potential attack surfaces. In this new world, companies must, at bare minimum, get onside with regards to:
- People: Many employees today work on the run. Mobility, hip and convenient as it may be, is a wide-open door for bad actors. Companies wishing to rise to this challenge must get a comprehensive view of their networks.
- Processes: Some companies play it loose when it comes to their security processes, leaving much of it up to employees’ discretion. While most are sensible, it only takes one cowboy to open the pen. Companies that are serious about their security will work hard to put processes in place to protect their data, and to quick identify and recover from security breaches.
- Technology: This area of vulnerability covers a wide range, from unpatched software to mislaid mobile devices. Companies without control of their technology are highly attractive targets for hackers.
Secure … end to end
Symantec’s Secure Web Gateway (SWG), which allows companies to safely adopt cloud and mobile without exposing themselves — or, more specifically, the private data in their systems — to undue risk, offers:
- Secure Web Gateway Solutions: protection on the web, social media, and mobile networks, and the ability to identify malicious payloads and control dangerous content
- Cloud-Delivered Web Security: enhanced cloud and web security and compliance, which allows companies to control access, protect users from threats, and secure data
- Content & Malware Analysis: protection against advanced threats through file reputation, multiple anti-malware and analysis techniques, and sophisticated sandbox detonation
- Network Forensics & Security Analytics: complete system security visibility, advanced network forensics, and real-time threat detection
To find out more about Symantec’s SWG, click here.
To learn about GetCyberSafe, a joint Symantec-Canadian federal government initiative to provide companies with access to best practices in the field, click here.