This article was previously published in B.C. Business Examiner and is reproduced with permission.
It’s estimated that 55 percent of organizations experienced a cyber attack in the past year, many of which went undetected.
Not only are the threats of cyber attacks rising, but so is the level of disruption and damage they cause. In addition to direct financial losses, the adverse impacts on an organization’s reputation and operations can be even more severe and long lasting.
And it’s not just large corporations being targeted.
“If you think it can’t happen to your organization, think twice,” cautions Ron Borsholm, B.C. Leader, Cyber Security Services for MNP. “Successful attacks have been made on small businesses, retail chains, post-secondary educational institutions, not-for-profit organizations and even minor hockey associations. Hackers don’t discriminate.”
According to Borsholm, spear phishing and ransomware are two of the most common cyber threats.
Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. In one recent case, an organization lost significant money when the accounts payable clerk was targeted and asked by email to change a vendor’s banking information. The criminals then sent fake invoices to the organization, which were paid using the altered banking information.
In another case, the chief financial officer at a not-for-profit received an email that looked like it was from a bank the organization used. It asked her to update her user ID and password and, in the rush of a busy day, she quickly complied. A few days later, it was discovered that hundreds of thousands of dollars had been stolen and wired out of their account.
Ransomware is a type of malware that prevents users from accessing their computer system unless a ransom is paid. In most cases, users either click an attachment in an email or a link on a webpage which leads to their systems being compromised.
Borsholm recalls a small liquor store that recently fell victim to such ransomware. While the company was only asked for a ransom of $500 in bitcoin (which they paid), it cost more than 10 times the ransom amount to fully restore their computers to a secure state. To add insult to injury, the perpetrator sent the business owner an unofficial receipt thanking them for their “involuntary purchase.”
“Many of these organizations did not have sufficient internal controls in place such as policies, procedures and training to prevent this from happening,” says Borsholm. “Other organizations put controls in place, but then fail to test them to ensure they are working correctly.”
For example, in another ransomware attack in B.C., the company discovered their computer backups had not been working.
“Without any backups, the company was essentially left crippled with a total loss of over six months of operational and financial information until the ransom was paid,” says Borsholm.
Organizations that accept credit card payments face another concern. Under their merchant agreement, they are required to be compliant with the Payment Card Industry Data Security Standard (PCI-DSS).
Peter Guo has been working in IT security and audit since 1999 and is MNP’s B.C. Leader for Enterprise Risk Services. He says the first step in protecting your organization is to fully understand your specific situation.
“Do you know what your critical data is and whether that type of data is being targeted? Do you understand the strengths and weaknesses of your technology? What are the threats and what internal controls do you currently have in place?”
Guo recommends a Maturity and Threat Analysis as a good starting point. This analysis provides the information you need to prioritize your risks and appropriately protect your organization.
Education across the organization, delivered through a formal and recurring awareness campaign, is also critical.
“Good cyber security isn’t just a matter of putting protective technology in place,” Guo emphasizes. “Threats and technologies constantly shift and people need to be constantly reminded to stay vigilant. As organizations change, people enter new roles and have access to different systems, information and data, they need to know what’s expected of them when it comes to cyber security.”
MNP offers a wide range of cyber security services including Maturity and Threat Analysis, PCI Compliance consulting and audit, network vulnerability and penetration testing, and internal control assessments.
In our increasingly connected world, cyber attacks are happening with increasing frequency and present very real risk for businesses of all sizes. If you’re not sure about your organization’s ability to withstand one, take action today to avoid a crisis and protect your company’s assets.
Peter Guo, B.C. Enterprise Risk Services Leader, at 604.637.1513, or Ron Borsholm, B.C. Cyber Security Services Leader, at 778.432.2570.