CYBER SECURITY PLANNING 101
PANELISTS
• BRYAN HARALOVICH, Partner, Welch LLP
• ANDREW LOSCHMANN, President & CTO, Field Effect Software
• MARK GAUDET, Product Line Manager, CIRA
• RYAN VALLEE, Senior VP, Fully Managed
Cyber Security and SMEs
ANDREW LOSCHMANN
3 messages for SMEs in 2019:
• You can do something
• You are important
• You have cyber security responsibilities
Message #1
You are important.
• Threat actors (“attackers”) are not individuals, they’re organizations.
• The motivation is almost always financial.
• Like most organizations, they adapt. In 2019, this means automation and
scale: Data theft and resale, Credential sales, Ransomware, Financial
Redirection… what’s next?
If you have any assets, or have the potential to have an asset, you are a
target.
Message #2
You have cyber security responsibilities.
• Customers
• Stakeholders
• Regulatory, Industry and other authorities
Message #3
You can do something.
• It is not an impossible problem.
• Cyber Security threats are well understood at this point, as are
effective defence strategies.
• The technology, knowledge and process needed to make a real
difference are not out of reach.
• Believe it or not, the basics matter, and making a mistake on the
basics is what will get you into trouble.
Measuring Success
Cyber Security is measurable and should:
• Be continuous
• Improve your network
• Lower your risk (and costs)
D-Zone Cybersecurity
MARK GAUDET
Organizations have implemented multiple security tools.
43% of organizations reported being compromised last year. This number
approaches 100% in larger organizations.
Canadians understand the importance of layers.
DNS as a Layer of Defense
Use of DNS Firewalls Could Reduce 33% of All Cybersecurity Breaches.
DNS Firewall as a layer of defense
93% of malicious data breaches came from a form of cyber-attack that
leverages emails, texts, phone calls or even in-person visits.
54%: Only 54 per cent of small businesses provide cybersecurity training
for their employees even though the most common form of malware seen by
our respondents, phishing attacks (42 per cent), directly exploit
employees as a point of weakness.
The Human Layer of Defense
3x reduction in users clicking on phishing emails after implementing
D-Zone Cybersecurity Awareness Training.
Transform your users into a human firewall
The most integrated training, phishing simulation, gamification and
measurement tool available.
D-Zone Cybersecurity Awareness Training
• Awareness Survey
• Phishing simulation
• End user training modules and risk analysis
• Score and measure
• Ongoing and Remedial Training
“Turned cyber risk from something to lose sleep about into something we
effectively manage” (C-Therm Technologies)
CIRA delivers a family of cybersecurity services to Canadian organizations.
D-Zone Anycast DNS
Authoritative DNS for your domains
• Improve performance with a global footprint
• Protect from DNS DDoS and DNS hijacking
D-Zone DNS Firewall
Recursive DNS with threat blocking
• 100,000 new threats blocked daily
• Stops malware command-and-control
D-Zone Cybersecurity Awareness Training
Phishing and training for end-users
• Most integrated platform available
• Reduce user clicks on malware links by 3X
Summary
• Defense in Depth
• Leverage additional layers
• DNS
• Staff
Fully Managed – Cyber Security
RYAN VALLEE
Current threats and who they are targeting
The Continued Increase in Ransomware.
• In 2016, a business fell victim to ransomware every 40 seconds.
• 70% of all malware attacks last year were ransomware.
• 91% of cyberattacks begin with a spear phishing email, a method
commonly used to infect organizations with ransomware.
Cybersecurity Ventures predicts cybercrime will cost the world in excess of
$6 trillion annually by 2021, up from $3 trillion in 2015. Ransomware is
expected to worsen and make up a proportionately larger share of total
cybercrime by 2021.
Weaponization of Artificial Intelligence
• Security companies are using AI to protect environments and users,
therefore it is certain that the hackers are following suit in their attack
methodologies.
• Hackers leverage AI in spear phishing exploits to create carefully
targeted messages that trick people into sharing sensitive data and
installing malware.
• AI is used to collect information about a target organization from
across the internet, to instigate detailed and targeted exploits, and
crack passwords.
Who Are They Targeting?
• 71% of ransomware attacks in 2018 targeted small businesses, with an average ransom
demand of $116,000 USD.
• Consumer-targeted ransomware attacks have declined by 33% since the end of 2018.
• Ransomware attacks on business targets have seen a substantial increase in the first
quarter of 2019, up by 195 percent since the fourth quarter of 2018.
• 16% of cyber-attacks target public sector entities, 15% focus on healthcare organizations,
and 10% of attacks target the financial industry.
Who Are They Targeting? - Continued
• As can be seen from the data, public administrations are a very large target and this has
been seen with the number of public municipalities which have suffered breaches
recently.
• “There's over two thousand municipalities in Canada ... they hold a lot of sensitive
information on individuals ... on properties, on a lot of transactions. They're very
vulnerable.” Dan Mathieson, mayor of Stratford … in a CBC news report after the
municipality was hit with ransomware on 14th April 2019.
Best practices in Risk Mitigation
(Financial, public and brand damage)
• HAVE A PLAN
• CYBERSECURITY INSURANCE
• CYBERSECURITY PARTNER
Disclosure issues surrounding the Personal Information Protection and
Electronic Documents Act (PIPEDA)
PIPEDA applies to private-sector organizations across Canada that collect, use or disclose
personal information in the course of a commercial activity. As of 1st November 2018, it is
mandatory to report to the Privacy Commissioner of Canada breaches of security
safeguards involving personal information that pose a real risk of significant harm to
individuals. Failure to report such a breach can lead to fines of up to $100,000. (source:
Government of Canada & Global News)
WRITTEN PLANS
Prevention Policy
Essential steps for preventing attacks
• SECURITY HYGIENE
• BETTER AUTHENTICATION
• 2-FACTOR AUTHENTICATION
• EDUCATION
Call for help!
Business Continuity Plan
Steps to take after a cyber attack
• Disconnect the internet
• Isolate the Servers
• Call Insurance Company
• Execute DR Plan
• Find Patient Zero
• Clean the Environment
• Restore Data and Servers
• Report the Breach
Ongoing impact
PANELISTS
• BRYAN HARALOVICH, Partner, Welch LLP, bharalovich@welchllp.com, 613.236.9191
• ANDREW LOSCHMANN, President & CTO, Field Effect Software, aloschmann@fieldeffect.com, 613.686.6342
• MARK GAUDET, Product Line Manager, CIRA, mark.gaudet@cira.ca, 613.237.5335
• RYAN VALLEE, Senior VP, Fully Managed, Ryan.vallee@fullymanaged.com, 613.591.9800
THANK YOU
