When we think of cybercrime, we often imagine a straightforward bad guy working with ill intent. Those lone-wolf hackers do exist, of course—the government of Canada’s taxonomy of “cyber threat actors” refers to them as “thrill-seekers.” But Canadian workplaces are one of the most important frontiers when it comes to cybersecurity, and there, organized and sophisticated cybercriminals for whom profit is the primary motive are the larger threat by far.
Sometimes, employees fall victim to longstanding threats, from phishing emails to password theft. Sometimes, however, the threats are more complex.
“Cybercrime is a well-oiled machine, with a whole ecosystem and underground industry supporting it, and a lot of money at stake,” says John Hewie, National Security Officer for Microsoft Canada. “Much of it is highly automated, and hard for many organizations to keep on top of. It’s pretty common knowledge that there’s a skills gap across businesses of all sizes in terms of cybersecurity.”
And that problem is growing. Every year, more than one-fifth of Canadian businesses report a cyber-security incident, and most experienced disruptions to their normal business. According to Mr. Hewie, those numbers are likely to grow, as increasing connectivity creates more potential for malicious activity.
“Right now, everything is changing,” says Dr. Dima Alhadidi, an assistant professor in computer science at the University of Windsor, and until this year a member of the Canadian Institute for Cybersecurity at the University of New Brunswick.
Dr. Alhadidi stresses that the first line of defense—a company’s employees—is often the most important. Changes in the way we work are exposing companies to more risk. Employees are now exposing company devices to unsecured wireless networks outside of the office, and internet-connected devices like smartwatches bring more points of entry for attack onto networks. According to Statistics Canada, two-thirds of Canadian businesses allow employees to use personal devices for business activities, and most didn’t implement any security measures to govern that use.
That’s a problem because “on the dark web, there are places where cyber-criminals can purchase malicious software, very cheaply, with little expertise, and launch fairly sophisticated attacks for ransom or other purposes,” says Dr. Alhadidi. And that opens cybercrime up to more people—even those lacking in technical know-how—creating a new panoply of threats.
So, organizations must reimagine how they confront those dangers. Dr. Alhadidi says companies need to empower their employees, engage their customers, optimize their operations and transform their products.
“This is the weakest point,” she says. “I can have [a] very secure network including all the most advanced technology, all the security controls, but if I have a problem with one employee, the chain is broken.”
Mr. Hewie concurs: “We need to create a culture where security is everyone’s problem, not simply the IT department’s job.” This is especially true, he says, for small- and medium-sized businesses, or non-profit organizations, which may not be able to put as many up-front resources toward cybersecurity and instead are more reliant on frontline staff to be vigilant.
Mr. Hewie points to a recent malware campaign called Astaroth, which used so-called “living-off-the-land” techniques—it didn’t download malicious files to a computer’s hardware, instead living in a device’s “volatile” memory. That helped it avoid detection from traditional antivirus programs, so no matter how diligent a user might be, it was able to find a backdoor.
The attacks were detected, however, by Windows Defender Advanced Threat Protection, Microsoft’s endpoint detection and response platform, which noticed unusual behaviour in a system tool pointing to malicious behaviour.
“Our Threat Intelligence Centre studies how these threat actors operate, and then uses that knowledge to improve detections for the techniques they use,” says Mr. Hewie. “In the cloud, when one customer encounters a piece of malware that’s never been seen before, we can quickly move to protect every other customer.”
That points to the importance of engineering security features into productivity software and devices from the get-go. With more than 180 million commercial monthly active users of Office 365, and more than 800 million Windows 10 devices in use, Microsoft curates a vast amount of threat intelligence into what we call the Intelligent Security Graph, which is used to help detect, analyze and neutralize threats across cloud services and devices. “Microsoft’s global footprint with Windows 10, Office 365, Azure, Bing and XBOX Live provides real diversity of signal, which uniquely enriches our threat intelligence,” says Mr. Hewie. “Office 365 in Canada is growing rapidly, we’re continuing to expand data centre capacity to support.”
Integrating hardware and software is also crucial. Microsoft’s Surface devices are engineered from chip to cloud for seamless integration with Microsoft 365 productivity software and built-in cloud powered security.
“We know that Microsoft can’t win unless everyone does,” says Mr. Hewie. “We’re part of a bigger world, and we want to do our part to make it safer for everyone. For example, we have a Digital Crimes Unit comprised of lawyers, analysts, ex-law enforcement folks and great engineers, and we’re working together, every day with our security partners – and even our competitors – to improve our software, our devices, and look for opportunities to disrupt the most egregious bad actors.”
Top three emerging cybersecurity threats
MOBILE MALWARE
When the first smartphones came out, viruses and malware weren’t on the radar. Today, the threats are legion, with spyware targeting user information, passwords, calendar data and banking information.
THE INTERNET OF THINGS
Maybe you’ve never considered the security implications of an internet-connected dishwasher. Maybe it’s time to start. As IoT devices explode in popularity, they’re becoming a more common vector for attackers. With minimal computing power, no antivirus software and often no way to be updated, they can make a perfect point of entry into a network. Microsoft has been at the forefront of this threat—its Azure Sphere is a secure platform for internet-connected devices.
PHISHING
Sure, phishing is one of the oldest tricks in the hacker’s book. But it’s still one of the most common points of attack for cybercriminals, and as more and more of us are connected to colleagues and friends via “Software as a Service” (software that is hosted online and accessed via a subscription), attackers are finding new avenues into our networks. Even the old-fashioned phishing email has become more sophisticated, making it harder for even savvy users to tell when something is, well, fishy.
Advertising feature produced by Globe Content Studio. The Globe’s editorial department was not involved.