Cybercrime on the rise: RCMP

OTTAWA – George Edwards thought that his company’s security measures were pretty good until the day a third-party assessor came in to test the steps ProPharm had taken to protect itself from attacks.

But when the person sent by IBM to test the company’s security system walked right into its Markham, Ont.-based offices, it realized it hadn’t taken everything into account, said Edwards, a vice-president at the company, which supplies computer technology to pharmacies. And when the assessor asked who the CSO was, Edwards was once again at a loss.

“We were thinking we’re pretty good,” he said. Edwards was speaking during an event held here Wednesday, where the results of an Ipsos-Reid study on Canadian CEO’s attitudes towards security were announced. [Please see Ipsos Reid: Security low priority to Canadian CEOs.]

But, he noted, the outside evaluation showed the company there were many areas in which it could stand improvement.

ProPharm’s once half-hearted approach to security isn’t that different from the attitude of other Canadian companies, according to a poll conducted by Ipsos-Reid. Security is only a second priority concern for Canadian CEOs, said David Saffran, a senior vice-president and managing director to Ipsos-Reid Corp.

In a poll of 250 CEOs, protecting the company from malicious attacks came in fourth in a list of priorities, behind reducing the company’s overall expenses, maintaining and building revenues, and hiring qualified staff.

This lukewarm approach to security could come at a cost. According to RCMP statistics, cybercrime is up 65 per cent from last year. And a large number of hacking events go unreported each year, as companies are afraid of going public with such information, said Sgt. Charles Richer, a team leader with the technological crime unit at the RCMP in Ottawa.

Cyber attacks have gotten more sophisticated since the days of Mafia Boy, Richer said. Though unable to go into details of the cases he’s investigated, Richer said in one denial of service attack, a company was losing $100,000 a day.

Theft of data is happening at a good pace, he said. Smart card cloning through reverse engineering is also possible, if there isn’t enough security.

Although individual viruses aren’t as common as they once were, more worms are starting to appear, Richer said.

“We’re investigating things that could have been prevented,” he said.

Many of the crimes are internally generated, Richer said. In many cases, the attack is either generated from within the network or the victim knows the perpetrator.

In many cases, people are the weakest link. “Human issues are at the heart of the matter,” Richer said. That’s why it’s essential to train and communicate with employees.

In the Ipsos-Reid study, 46 per cent of CEOs reported being hit with a widespread infection by malicious software, and 20 per cent admitted to being hit by an external hacker in the past year.

To combat such attacks, it’s important to get an outside assessment of your security system while it’s still in the design phase, ProPharm’s Edwards said.

The company was forced to undergo such an assessment in order to comply with the Ontario government’s requirements.

As a supplier to pharmacies, the company is more attuned to the importance of protecting confidential information than most companies, but this is something all organizations have to worry about, Edwards said.

Among the measures that IBM recommended to ProPharm was the creation of a poison pill for the Linux boxes at pharmacies. If a box is stolen and then used to connect to the ProPharm network through which insurance claims are validated, then not only will the connection be severed, but the computer will be sent a command to commit suicide.

Once the system was in place, ProPharm then had a third party test it through ethical hacking.

“You shouldn’t proof read your own work,” Edwards said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now