No organization is immune from cyberattacks. They have become an inevitable business risk for companies large and small. In today’s Globe and Mail, the Canada Research Chair in Cybersecurity, Benoît Dupont, says that “even the most secure, aware organizations like the top intelligence agencies in the world get hacked.”

The increasing sophistication of cyberattacks was the main theme addressed at the latest in the BizSkule Speaker Series at Bennett Jones. I was on a panel along with other industry experts where we discussed emerging issues in the world of cybersecurity. Panelists came from a range of backgrounds and the key takeaways from our discussion were:

1. Organizations Need to Take a Proactive Approach

  • Organizations have exposure not only for a breach, but also for how they respond to it.
  • Organizations are expected to be proactive in implementing appropriate security safeguards to prevent and detect attacks.

2. Boards of Directors Need to Be Engaged

  • It is critical that Boards of Directors be fully engaged in their organization’s cybersecurity. They cannot delegate this matter to the IT department and hope for the best. Boards must understand the scope of risks facing the organization, the steps being taken to address those risks, and be engaged in the event the organization learns of a cyberattack against it.

3. Prevalence of Threats

  • Attackers are persistent and sophisticated. If they want to get into your network, they will.
  • The ability to detect intruders in your network is a key aspect of cybersecurity.

4. Risks

  • Cybersecurity risks for an organization extend beyond its four walls. Third-party vendors can introduce cyber threats to your organization—a vendor may be the backdoor into an organization’s network. Further, the failure of your vendors to take reasonable steps to prevent and respond to attacks can expose your organization to liability.

5. Identity of the Hackers

  • There are many faces of hackers—state-sponsored espionage, competitors, and fraudsters trying to obtain and sell personal information on the black market. They have the resources and abilities to break into any system.

6. New Forms of Personal Information

  • Increased interconnectivity is leading to an increased scope of what is considered to be personal information. This includes information about a person’s spending habits, where they shop, when they shop and what they buy.
  • An increased scope of what is considered to be personal information will require organizations to revisit the scope of information for which they are responsible.
