Blakes releases new report to help Ontario businesses navigate cybersecurity risks

The study found that 50 percent of cyber security incidents occurred in Ontario

Blakes releases new report to help Ontario businesses navigate cybersecurity risks
Sunny Handa is a partner at Blake, Cassels & Graydon LLP and leader of the firm’s technology group

Cybersecurity incidents at Canadian businesses continue to grow at an alarming rate, according to a new study by Blake, Cassels & Graydon LLP. The third annual Blakes Canadian Cybersecurity Trends Study found a rising number of security breaches with the most attacks in Ontario, and the leader of the firm’s technology group, Sunny Handa, says the attacks are more sophisticated with higher ransoms.

Since the COVID-19 crisis forced many businesses to adapt to a remote work environment, the risk of cyberattacks has risen. The study found that 50 percent of cyber security incidents occurred in Ontario because the province has the largest population and business concentration in the country.

“Everyone will get hit eventually,” Handa says. “How bad it will be will depend on how much work companies have done to protect themselves.”

The study found that 55 percent of cyber breaches were ransomware attacks and 25 percent of ransom payments exceeded US$1million. “More threat actors have emerged this year and are vicious in certain ways,” Handa says. “The bad guys are organized. It’s almost as if they’re operating as a business. They’re saying it’s nothing personal, and we must do this to you.”

The study also found that 83 percent of companies hit with a cybersecurity incident did not report it to law enforcement and unpatched software vulnerabilities caused 34 percent of cybersecurity incidents.

“Once data is digital, people store it in different places and keep old data lying around making it dangerous because the threat actor makes a copy when a company is hacked, and data gets stolen,” Handa says.

Cyber breaches are not an intellectual property issue but an enterprise risk problem, and it is frustrating to spend most of the time dealing with a cyber crisis after a ransomware attack instead of prevention, Handa says. “It is not just the IT department. It is the board, your CEO, CFO, general counsel or chief legal officer.”

The study found that threat actors continue to approach ransomware as a service and are moving to a licensing model to increase revenues. In addition, hackers post fragments of stolen data online and set a doomsday clock that counts down to the publication of the entire data set.

While many businesses understand the severity of security breaches, Handa says many companies often stop engaging with technology professionals because of other priorities and technology consultants find it challenging to keep them focused on safeguarding company data.

He says that organizations must protect themselves and allocate human resources within the company to work with consultants and professionals to help minimize their vulnerability footprint. “They need to be trained and taught that this can happen and that this is how bad it will be.”

He says centralizing data is crucial to protect cyber information better because companies often investigate a security breach only after it is realized. However, as companies become more sophisticated in the digital world, he says businesses recognize they do not need to hold on to all data indefinitely.

Handa says lawyers have stepped into the role of cyber breach coaches because data and privacy laws continue to evolve with cyber threats and companies need to comply.

Recent articles & video

Law firm managers struggling to fill roles as demand for lawyers continues: recruiter report

Stikeman Elliott, McCarthy Tétrault assist in Osino’s $368 million sale to China’s Yintai

BC Supreme Court orders full compensation for victim in three-car collision

Alberta Court of Appeal upholds jurisdiction in cross-border divorce case

Federal Court denies anonymity for Uyghur applicants in permanent residence case

BC woman wins Provincial Court case against dentist for unauthorized and negligent dental work

Most Read Articles

BC lawyer ordered to pay up for attempting to use ChatGPT ‘hallucinations’ in application

Artificial intelligence hallucinations in legal research may become a thing of the past

BC Supreme Court deals with complex property and separation agreement dispute

US court says Baker & McKenzie LLP can face malpractice suit in Chicago