On September 22, 2016 Yahoo Inc. reported that it suffered a data breach affecting 500 million of its approximately 1 billion user accounts. According to a press release issued by the company, stolen information "may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers".1 This data breach apparently occurred in late 2014 and Yahoo believes it was perpetrated by a "state-sponsored actor".
Data breaches are becoming increasingly problematic for companies - not only are they becoming more common, they are also becoming more costly. IBM Security and Ponemon Institute released a study this month that estimates the cost of the average data breach is now at $4 million, a 29% increase from 2013. The consequences of a data breach vary dramatically among different industries, with regulated industries facing the highest costs. Healthcare organizations lose an average of $355 per stolen record while the cost to the average public sector company is only $80.
Earlier this week, the Globe & Mail reported that four individuals, who were charged in connection with the theft and sale of maternity patient records from Rouge Valley Health System hospitals, pleaded guilty. The stolen records were used to solicit sales of RESPs to new mothers.
Bernice Karn has been quoted in the article "PIPEDA Changes Should Prompt Improved Security Stances and Roadmap Creation" published by ITWorld.
Cybersecurity is everywhere these days. People are talking about it in business circles, in legal circles, in technology circles and at all points in between. Scores of articles abound dispensing advice about best practices for IT security management. You are reading this blog possibly because you are worried about cybersecurity and the legal ramifications of a cyber breach – but what does that really mean? We are here to cut through the noise.
Over the past year, Mandiant responded to incidents where attackers destroyed critical business systems, leaked confidential data, held companies for ransom, and taunted executives. Some attackers were motivated by money, some claimed to be retaliating for political purposes, and others simply wanted to cause embarrassment.
Marlon Hylton's article titled "Role of ICT Professional Critical in Countering Cyber Threats" has been published by Connections+, the magazine for ICT professionals.
An opinion piece on the importance of cyber security ("It's Time to Beef Up Our Cyber Defences") written by Marlon Hylton and Bernice Karn has been published by the National Post.
Just before the holidays, the Investment Industry Regulatory Organization of Canada (“IIROC”) – a national organization that regulates securities dealers operating in Canada – released two cybersecurity guides to help dealers manage their cybersecurity risks and respond effectively in the event of a cyber incident.
Cassels Brock is pleased to announce that Bernice Karn, a member of Cassels Brock & Blackwell LLP’s cybersecurity team, has been named a 2015 Cybersecurity & Data Privacy Trailblazer by the National Law Journal (NLJ).
Last week, the Global Network of Director Institutes (“GNDI”), an international network of director institutes promoting good corporate governance, released a paper outlining the overarching principles that should guide decisions made by corporate board members when it comes to cybersecurity oversight.
Over the last twelve months the world has seen costly and destructive cyberattacks target organizations of all sizes regardless of industry or geography. With attackers breaching the world’s cyber defenses seemingly at will, the ability of organizations to successfully defend themselves against a proliferating threat environment has become uncertain. At risk are the private data of citizens, billions in international business revenue and the security of nations. With so much at stake, organizations need to know where their security programs are effective and where they are falling short.
On November 13, 2015, as part of the new Canadian Prime Minister’s commitment to an open and transparent government, ministerial mandate letters were made public. These letters outline a broad framework for what ministers are expected to accomplish, including specific policy objectives and challenges to be addressed. While they are not intended to be an exhaustive list of all files that a Minister needs to address, they provide insight in terms of the government’s overall priorities for the ministry.
There have been a number of high-profile cyber breaches that, upon inspection, were the result of phishing attacks. These malicious e-mails aim to collect personal information and employee credentials to steal intelligence from an organization’s network or to install malware such as a data-stealing Trojan.
This summer, the US Third Circuit Court of Appeals’ decision in FTC v Wyndham gave the green light for the Federal Trade Commission to pursue relief against Wyndham Worldwide and its subsidiaries (“Wyndham”) for unfair and deceptive trade practices.
Recently the European Court of Justice (the ECJ) rendered a decision invalidating the Safe Harbor Framework between the European Union (the EU) and the United States which allowed organizations to transfer personal data from EU member states to the United States. The decision has resulted in significant uncertainty for the 4,500 organizations that relied on the agreement who will now need to implement alternatives for the transfer of personal data that comply with the ruling.
According to a recent PwC report (for a copy of the report, ), the cyber insurance market is set to triple to $7.5 billion by 2020. With major cyber incidents being reported almost weekly, businesses are looking carefully at cyber insurance as a means to mitigate the cost of dealing with cyber incidents.
* This article originally appeared in the September edition of PX Community Matters.
This is the second article in a two-part series dealing with what businesses should do if they have been the target of a cyberattack. For a link to last month’s article, which covered what businesses can do to reduce the chances of being a victim of a successful cyberattack, please click here.
Many analysts believe that it’s not a question of “if” but rather “when” a business will be the target of a successful cyberattack. If an organization believes that it has been the victim of a cyber incident, the steps it takes in the moments following this discovery will be crucial in mitigating the legal, business and reputational fallout.
* This article originally appeared in the August edition of PX Community Matters.
This is the first article of a two-part series dealing with what businesses can do in the face of growing cyber threats. Next month, we will cover how businesses should respond in the case of a successful cyber attack.
Increasingly, reports of cyber attacks on businesses have been making the headlines. The numbers speak for themselves:1