Latest Posts

The Rising Costs of Data Breaches

Data breaches are becoming increasingly problematic for companies - not only are they becoming more common, they are also becoming more costly. IBM Security and Ponemon Institute released a study this month that estimates the cost of the average data breach is now at $4 million, a 29% increase from 2013. The consequences of a data breach vary dramatically among different industries, with regulated industries facing the highest costs. Healthcare organizations lose an average of $355 per stolen record while the cost to the average public sector company is only $80. 

Read Full Article
Cyberbreach - Sometimes It's an Inside Job

Earlier this week, the Globe & Mail reported that four individuals, who were charged in connection with the theft and sale of maternity patient records from Rouge Valley Health System hospitals, pleaded guilty.  The stolen records were used to solicit sales of RESPs to new mothers.

Read Full Article
Bernice Karn Discusses PIPEDA Amendments - Including Data Breach Guidlines - with ITWorld

Bernice Karn has been quoted in the article "PIPEDA Changes Should Prompt Improved Security Stances and Roadmap Creation" published by ITWorld.

Read Full Article
What is Cybersecurity Law, Really?

Cybersecurity is everywhere these days. People are talking about it in business circles, in legal circles, in technology circles and at all points in between.  Scores of articles abound dispensing advice about best practices for IT security management. You are reading this blog possibly because you are worried about cybersecurity and the legal ramifications of a cyber breach – but what does that really mean?  We are here to cut through the noise.

Read Full Article
Apr 4, 2016
The Rise of Disruptive Cyber Attacks (by Mandiant)

Over the past year, Mandiant responded to incidents where attackers destroyed critical business systems, leaked confidential data, held companies for ransom, and taunted executives. Some attackers were motivated by money, some claimed to be retaliating for political purposes, and others simply wanted to cause embarrassment. 

Read Full Article
Mar 3, 2016
Article by Marlon Hylton Published by Connections+ Magazine

Marlon Hylton's article titled "Role of ICT Professional Critical in Countering Cyber Threats" has been published by Connections+, the magazine for ICT professionals.

Read Full Article
Cassels Brock Lawyers Author Article in National Post on the State of Cyber-Readiness in Canada

An opinion piece on the importance of cyber security ("It's Time to Beef Up Our Cyber Defences") written by Marlon Hylton and Bernice Karn has been published by the National Post:

Read Full Article
Building Your Toolbox: IIROC Issues Guides For Dealers to Manage Cybersecurity Risks

Just before the holidays, the Investment Industry Regulatory Organization of Canada (“IIROC”) – a national organization that regulates securities dealers operating in Canada - released two cybersecurity guides to assist dealers manage their cybersecurity risks and to effectively respond in the event of a cyber incident.

Read Full Article
Cassels Brock's Bernice Karn Named "Cybersecurity & Data Privacy Trailblazer" by the National Law Journal

Cassels Brock is pleased to announce that Bernice Karn, a member of Cassels Brock & Blackwell LLP’s cybersecurity team has been named a 2015 Cybersecurity & Data Privacy Trailblazer by the National Law Journal (NLJ).

Read Full Article
Dec 2, 2015
Guiding Principles for Cybersecurity Oversight by Board Members

Last week, the Global Network of Director Institutes (“GNDI”), an international network of director institutes promoting good corporate governance, released a paper outlining the overarching principles that should guide decisions made by corporate board members when it comes to cybersecurity oversight.

Read Full Article
Nov 30, 2015
2016 Global Cybersecurity Assurance Report Card (by Tenable Network Security, Inc.)

Over the last twelve months the world has seen costly and destructive cyberattacks target organizations of all sizes regardless of industry or geography. With attackers breaching the world’s cyber defenses seemingly at will, the ability of organizations to successfully defend themselves against a proliferating threat environment has become uncertain. At risk are the private data of citizens, billions in international business revenue and the security of nations. With so much at stake, organizations need to know where their security programs are effective and where they are falling short.

Read Full Article
Nov 23, 2015
Cyber Threats to Critical Infrastructure on the Minister of Public Safety’s Radar

On November 13, 2015, as part of the new Canadian Prime Minister’s commitment to an open and transparent government, ministerial mandate letters were made public. These letters outline a broad framework for what ministers are expected to accomplish, including specific policy objectives and challenges to be addressed. While they are not intended to be an exhaustive list of all files that a Minister needs to address, they provide insight in terms of the government’s overall priorities for the ministry.

Read Full Article
Nov 13, 2015
TAGS: phishing
Phishing 101: 5 Ways to Spot Fraudulent Emails (by BAE Systems )

There have been a number of high-profile cyber breaches that, which upon inspection, were the result of phishing attacks. These malicious e-mails aim to collect personal information and employee credentials to steal intelligence from an organization’s network or to install malware such as a data-stealing Trojan.

Read Full Article
Can Weak Cybersecurity Be Misleading Advertising?

This summer, the US Third Circuit Court of Appeal’s decision in FTC v Wyndham gave the green light for the Federal Trade Commission's to pursue relief against Wyndham Worldwide and its subsidiaries (“Wyndham”) for unfair and deceptive trade practices.

Read Full Article
Safe Harbor No More EU-US Data Transfer Deal Invalidated by Court

Recently the European Court of Justice (the ECJ) rendered a decision invalidating the Safe Harbor Framework between the European Union (the EU) and the United States which allowed organizations to transfer personal data from EU member states to the United States. The decision has resulted in significant uncertainty for the 4,500 organizations that relied on the agreement who will now need to implement alternatives for the transfer of personal data that comply with the ruling.

Read Full Article
Sep 18, 2015
Cyber Insurance – How To Pick the Right One

According to a recent PwC report (for a copy of the report, click here), the cyber insurance market is set to triple to $7.5 billion by 2020. With major cyber incidents being reported almost weekly, businesses are looking carefully at cyber insurance as a means to mitigate the cost of dealing with cyber incidents.

Read Full Article
Sep 5, 2015
Cybersecurity: Hope for the Best but Prepare for the Worst – Part II

* This article originally appeared in the September edition of PX Community Matters.

This is the second article in a two part series dealing with what businesses should do if they have been the target of a cyberattack. For a link to last month’s article which covered what business can do to reduce the chances of a being a victim of a successful cyberattack, please click here

Many analysts believe that it’s not a question of “if” but rather “when” a business will be the target of a successful cyberattack. If an organization believes that it has been the victim of a cyber incident, the steps it takes in the moments following this discovery will be crucial in mitigating the legal, business and reputational fallout.

Read Full Article
Aug 5, 2015
Cybersecurity: Hope for the Best but Prepare for the Worst – Part I

* This article originally appeared in the August edition of PX Community Matters.

This is the first article of a two part series dealing with what businesses can do in the face of growing cyber threats. Next month, we will cover how businesses should respond in the case of a successful cyber attack. 

Increasingly, reports of cyber attacks on businesses have been making the headlines. The numbers speak for themselves:1

Read Full Article