Here is my latest work on cybersecurity

1. CYBERSECURITY AND
BUSINESS
BY: PAUL YOUNG, CPA, CGA
NOVEMBER 3, 2020

2. PAUL YOUNG - BIO
• CPA, CGA
• Financial Solutions
• SME – Risk Management
• SME – Close, Consolidate and Reporting
• SME – Public Policy
• SME – Financial Solutions
• SME – Supply Chain Management
Contact information:
Paul_Young_CGA@Hotmail.com

3. • This presentation is one perspective when it comes to cybersecurity and business

4. AGENDA
• What is Cybersecurity
• Spending / Cybersecurity
• What is market for cyber security?
• Small and medium size business issues with cyber security
• What can be done / Cybersecurity?
• PIPEDA
• EUGDPR
• Top 10 Cybersecurity Concerns

5. WHAT IS CYBER SECURITY?
• Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers,
programs and data from attack, damage or unauthorized access. In a computing context, the
term security implies cybersecurity. According to a December 2010 analysis of U.S. spending plans, the federal
government has allotted over $13 billion annually to cybersecurity over the next five years.
• Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of
cybersecurity include:
• Application security
• Information security
• Network security
• Disaster recovery / business continuity planning
• End-user education.

6. SPENDING / CYBERSECURITY
1. Boom for employment - https://www.pwc.com/gx/en/news-room/press-releases/2020/global-digital-
trust-insights-survey-2021.html
2. World-wide IT spending to grow overall by 4% - https://www.information-age.com/worldwide-it-
spending-to-grow-by-4-2021-gartner-123492259/
3. Cybersecurity companies to watch - https://www.investors.com/news/technology/cybersecurity-
stocks/
4. Global cybersecurity spending to grow to nearly 250B by 2023 -
http://www.govevents.com/details/42318/the-2021-threatscape--2021-threat-forecast/

7. CYBER SECURITY MARKET
• Cyber Security Market worth $170.21 Billion by 2020
• The report "Cyber Security Market by Solution (IAM, Encryption, DLP, Risk and Compliance Management,
IDS/IPS, UTM, Firewall, Antivirus/Antimalware, SIEM, Disaster Recovery, DDOS Mitigation, Web Filtering, and
Security Services) - Global Forecast to 2020",The cyber security market has been segmented into cyber
security solutions and services. New technologies are emerging and many players are investing into new
solutions in the cyber security market.

8. 2021 – CYBERSECURITY OUTLOOK
Source - https://www.techrepublic.com/article/9-data-security-trends-it-departments-should-expect-in-
2021/
1. Remote work is the top concern. - The report recommends that companies institute "a formal remote work
policy and by adopting the right software tools that ensure company data is safe when accessed remotely" to
prevent attacks.
2. Data breaches are four times more common for companies that allow access to company data. - According to
the report, employees should only access data that is critical to their job performance, to prevent cyberattacks
"caused both by malicious data theft and accidental data loss." The companies that do allow full access to
company data are more likely to report a data breach (50.7% of breaches reported) as opposed to those that
limit data access (12.6%).
3. Data classification alone is not sufficient. - Categorizing data as public, internal, and confidential are frequently
used by companies (82%), but "these programs alone have proved insufficient to restrict access and prevent
data breaches," according to the report. The majority of companies (62%) are still offering employees access
to data that they don't need—and these companies are reportedly 2.5 times more likely to experience a data
breach. Data access controls and authentication should be the top priorities.
4. Phishing schemes are spiking and becoming more harmful. - According to the report, "80% of employees
report receiving phishing emails, compared to 73% in 2019, and employees are 15% more likely to click on a
malicious link." In particular, marketing employees were the most likely (38%) to click on these malicious links.
5. A third of employees hit by account takeovers.
While account takeovers are nothing new, COVID-19 has resulted in a bump of online transactions. "From 2018 to
2019, TransUnion reported a 347% increase in account takeovers targeting online retail customers. And increased
reliance on e-commerce will only make things worse," the report states.

9. 2021 – CYBERSECURITY OUTLOOK
Source - https://www.techrepublic.com/article/9-data-security-trends-it-departments-should-expect-in-
2021/
5. A third of employees hit by account takeovers. While account takeovers are nothing new, COVID-19 has resulted in a bump
of online transactions. "From 2018 to 2019, TransUnion reported a 347% increase in account takeovers targeting online retail
customers. And increased reliance on e-commerce will only make things worse," the report states.
6. Improved authentication methods. - The use of two-factor authentication went up 18%, and is used by 82% of businesses in
2020. And the use and biometric data security—such as the use of fingerprints and facial recognition—went from 27% in 2019
to 53% in 2020.
7. Ransomware affected 28% of businesses. - Over the last 12 months, nearly a third of businesses were hit with
ransomware—of this group, 75% paid. Still, only 70% of those could retrieve their data.
8. VR/AR use nearly triples. - In 2020, 17% of businesses harness AR and VR for training purposes—and digital marketing and
accounting report even greater use of these tools, up to 35%. Training has moved from the physical to the virtual, and more
employees, 71%, are reporting that they must attend security training annually.
9. 86% of organizations are more concerned about data privacy. The business shifts ushered in by COVID-19, have resulted in
increased concerns among IT departments. However, knowledge of data privacy regulations, such as the EU's General Data
Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have sharply risen in the last year.

10. SMALL/MEDIUM SIZE BUSINESS – CYBER SECURITY
• A recent survey by Shred-it reveals that Canadian businesses view human error as the greatest risk to their
information security but very few are implementing training programs and establishing protocols to help
employees recognize these risks.
•
According to the 2016 Security Tracker Survey results, 41 per cent of responding C-suite executives and 47 per
cent of responding small business owners recognize that employee lack of knowledge and human error
concerning information security protocols are the biggest threats to their company in the future.
Despite this finding, Canadian businesses seem not to be prioritizing employee training and auditing on
company information security procedures and industry legal requirements. According to the study, 31 per
cent of respondents among C-suite executives say they train employees more than once a year on their
industry's legal compliance requirements. Among small business owners, 39 per cent of respondents never
train employees on their company's information security procedures, 31 per cent only do it on an ad-hoc/as-
needed basis and 47 per centonly audit their policies every few years or less.

11. AREAS OF FOCUS FOR SMALL BUSINESS
• Work with companies expert in cybersecurity
• http://www.prnewswire.com/news-releases/top-20-cyber-security-companies-2015-analysis-of-
leading-players-competitive-positioning--future-market-opportunities-300288895.html
• Antivirus software
• Norton
• 90 day rules for passwords
• VPN connections
• Changing passwords
• Backup and recovery plan
• System Audit
• Outside accounting firm
• Blocking
• Zip files
• White listing -

12. PIPEDA
• European Union
• http://www.torys.com/insights/publications/2015/10/for-safe-harbor-steer-north
• Canada and PIPEDA
• https://www.priv.gc.ca/resource/fs-fi/02_05_d_15_e.asp

13. EUGDPR
The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council in
April 2016, will replace the Data Protection Directive 95/46/ec in Spring 2018 as the primary law regulating
how companies protect EU citizens' personal data. Companies that are already in compliance with the
Directive must ensure that they are also compliant with the new requirements of the GDPR before it
becomes effective on May 25, 2018. Companies that fail to achieve GDPR compliance before the deadline
will be subject to stiff penalties and fines
Source - https://digitalguardian.com/blog/what-gdpr-general-data-protection-regulation-understanding-
and-complying-gdpr-data-protection

14. CANADA AND DATA PROTECTION LAWS
In this race to collect information, the international community decided to implement an improved, controlled common
framework setting out the conditions for collecting personal data and what types of processes are acceptable. In that
respect, the European Union published the General Data Protection Regulation (GDPR), which has been in force since May
2018. In the United States, California decided to implement a data protection framework by recently passing the California
Consumer Privacy Act (CCPA). As for Canada, it already implemented in its legislation, in 2001, the Personal Information
Protection and Electronic Documents Act (PIPEDA).
Source - http://en.finance.sia-partners.com/20190709/data-protection-canada-are-canadian-businesses-providing-
enough-security-today
• More has to be done to targeted companies that have data breaches
• More has to be done to go after social media companies to ensure data is protected.
• Heavy fines
• Social security #s replacement

15. STUDY FINDS CYBERSECURITY PROS ARE HIDING BREACHES,
BYPASSING PROTOCOLS, AND PAYING RANSOM
The three big takeaways for TechRepublic readers:
• Bromium found that 10% of security professionals paid ransomware demands, and 35% admitted to
circumventing company security policy.
• Security fatigue affects IT professionals just as much as regular users. That combined with a belief
among tech pros that they're well trained and hyper-vigilant is a recipe for disaster. It only takes one
moment of complacency to put the whole network at risk.
• Work to eliminate security fatigue, increase the relevance and importance of alerts to your IT team, and
reinforce the importance of constant security vigilance. If necessary, put restrictions on your IT team to
force them to conform to security standards.
Source - http://www.techrepublic.com/article/study-finds-cybersecurity-pros-are-hiding-breaches-
bypassing-protocols-and-paying-
ransoms/?ftag=TRE684d531&bhid=23321323188161054569322732153870

16. TOP 10 CYBERSECURITY
Source - https://www.techrepublic.com/article/top-10-iot-security-risks-for-businesses/

17. IBM CYBERSECURITY