The Private Investor - Spring Summer 2019

A Lesson on Cyber Attacks:

Are You Prepared?

The importance of having a robust cyber security plan in place is becoming more and more evident as cyber attacks across Canada, specifically within the financial industry, become more frequent. On a global scale, Canada ranked second as the most affected country for ransomware attacks in 2016

[i]. Accenture, an international consulting firm performed a survey that included

124 Canadian security practitioners and found that, “most Canadian companies do not have effective technologies in place to monitor for cyber attacks and are focused on risks and outcomes that have not kept pace with the threat.” [ii] On February 3, 2019, Exempt Edge Inc. was indirectly subject to a ransomware cyber attack via malware used on Exempt Edge’s parent corporation, Olympia Financial Group Inc. After an extensive investigation, no evidence was found that customers’ personal information was compromised. Exempt Edge’s system was live to all users again by February 8, just 5 business days after the attack.

Countless start-ups both in Canada and abroad are subjected to ransomware attacks every day – it’s becoming the norm. But while Exempt Edge was able to leverage the resources and technological infrastructure of its larger parent company, most small businesses either end up paying the hackers off (a temporary fix that almost always backfires) or they have their having clients’ personal information compromised.

Without proper protocols and security
put in place (items that are often wishes-
but not in the budget of many small
businesses) a cyber attack can result in
turning the lights out for a business. We
spoke to a former EMD Executive, who
discussed his devastating experience
dealing with a cyber attack last year,

“Imagine this: “You wake up Monday morning to learn that your back-office systems have been compromised and are inaccessible. You call in your IT people to get a briefing and they inform you it may take 60 days and could cost $200,000 to get things back online. The $200,000 is a lot to swallow, but it’s the 60 days that’s the existential threat. Your phone lines will light up with concerned clients and your advisors will begin to examine their options for another Dealership home. Asking advisors to go 60 days (or more) without paychecks is a deal breaker for most. This scenario is more than just plausible. It has happened, and it will likely happen again.”

No matter an organization’s size, cyber
attacks are becoming a “when”, not an
“if”. Even large organizations that have
access to in-house cyber security teams
have been unable to keep pace with
sophisticated hackers. Take for example
the University of Calgary, who in 2017
paid hackers $20,000 to decrypt their
computer networks. [iii]
Another risky assumption for start-ups is
to assume they are too small for hackers
to target them. According to the
Netcetera article, ‘Why Cybercriminals
Target Canadian Small and Mid-Size
Businesses’ hackers spend a huge chunk
of their time targeting multiple small
businesses daily asking for smaller
ransom amounts that are “reasonable”
The first step in preparing you and your
business for a ransomware cyber attack
is either ensuring your business has a
highly competent cyber security team
in-house, or utilizing a third-party
platform’s resources, like Exempt Edge
to do the work for you. The most
significant problem for small companies
is the financial burden of a having cyber
security team in-house, resulting in a lot
of companies taking the risk of going
without one. This perilous decision has
resulted in many companies falling to an
attack and going under.

The bottom line is, ransomware cyber attacks in Canada are clearly not going anywhere. Is your business prepared?

Gina Knegt

Digital Marketing and Communications Manager, Exempt Edge Inc.

[i] Symantec, “Ransomware and Businesses 2016”, at pp. 6 - 7 (“Symantec Report”).

[ii] http://www.investmentexecutive.com/-/canadian-firms-need-to-take-cybersecurity-more-seriously [iii] https://www.cbc.ca/news/canada/calgary/university- calgary-ransomware-cyberattack-1.3620979