We have a cybersecurity problem in British Columbia, and ignoring it isn’t going to make it go away. On the contrary, it’s going to make it worse.
Running a business is challenging at the best of times, but that’s especially true during a global pandemic that has rocked organizations from Kelowna to Tokyo (and continues to do so). To think about another challenge on top of the major one we’re all currently facing is something that is too exhausting for many entrepreneurs and business owners to even consider. At SeekingFire Consulting, we totally get that.
However, a more proactive approach to cybersecurity is desperately needed in our province. Cybercriminals are looking to exploit the current environment for their own ends, and pretending they don’t exist or hoping you’ll get lucky in avoiding them is a perilous strategy that we, obviously, would not recommend.
Indeed, we’ve seen some massive cybersecurity breaches in recent times. For example, in the past few weeks, we’ve witnessed Newfoundland and Labrador’s healthcare infrastructure hit in the biggest cyber attack in Canadian history, a significant loss of the personal information of up to 25,000 employees at the Toronto Transit Commission, and we’ve also seen GoDaddy suffer a major breach with 1.2 million users affected. We could go on.
Against this backdrop, the BC Chamber of Commerce published their Cyber Security Business Survey results earlier this fall. The provincial results were part of a first-of-its-kind nationwide survey. The survey was created in partnership with the NCIC (National Chambers Insight Community), which is made up of provincial and territorial Chambers of Commerce throughout the country and the Canadian Centre for Cyber Security. Some of the results from the survey are alarming.
The headline stats
In BC, 196 business leaders were surveyed from August 23 to September 16, 2021. Out of the businesses surveyed, 133 (or 68%) rated their understanding of cybersecurity as average or higher. However, 61% had experienced a cybersecurity incident in the past (with phishing the most common incident accounting for 49% of the incidents the businesses encountered).
83% of respondents (99 out of 119 business leaders who answered this question) did not report their cybersecurity incidents. In addition, 9% of organizations surveyed (17) admitted to having no cybersecurity technical measures in place, with 14% (27) revealing that they have no cybersecurity business practices in place either.
So what do all these numbers mean?
We’ve just hit you with a whole lot of numbers there, so let’s make some sense of them. First, while 196 respondents is a small sample size, and that may seem like a cause for optimism, it does seem reasonable to conclude that the scale of the problem in our province is much bigger than many realize.
If incidents are going unreported, how many businesses are truly impacted? Probably many more than we think. So, where to begin?
It can feel overwhelming to consider your cybersecurity needs, like trying to shovel snow with a teaspoon. Our advice is to start small. Begin with the basics and get the right team and tools in place to help plug your data security gaps. Sticking with the snow analogy, ditch the spoon and let’s get you a good shovel pronto. And another person with a snowblower to help too!
At SeekingFire, we’re genuinely here to help (snowblower at your service), and we operate a no-judgement policy. You may be one of the businesses that have been putting this off for years. That’s ok. We see that all the time, and we understand. Our role isn’t to lecture or admonish you. It’s to roll our sleeves up, plug the gaps and get things sorted.
We offer a wide range of services based on our clients’ specific needs — from security assessments and audits to vulnerability scans (ethical hacking) and Security Incident Response Plans. We’ll work with you to determine the most appropriate fit for your unique situation and business.
Based in Kelowna, BC, we serve clients across Western Canada and provide free consultations to all prospective clients. If you would like to discuss your organization’s cybersecurity needs, please reach out; we would love to hear from you.
While we have made every effort to present accurate, unbiased and helpful information in this article, please note that it reflects the author’s opinion and is written for the purposes of general knowledge, information and discussion. This article is not intended as legal advice, nor should it be considered as advice specific to your individual data security situation. If you would like to discuss your cybersecurity needs in specific detail, please get in touch with us.