6 steps to protect your company from cybercriminals

Businesses in Canada and elsewhere are trying to raise their digital profile while staying safe from hackers, CGI Group found in a recent global survey


It’s no surprise that companies everywhere are taking steps to become digital organizations. As work and commerce keep migrating online, businesses of all sizes and descriptions have no choice but to embrace digitization.

In doing so, they’re exposing themselves to inherent risks. No matter what product or service a company sells, the security threats associated with digitization are real and growing.

Corporate data breaches are now commonplace: in 2017 alone, Canadians were affected by several major hacks, including those against Uber Technologies Inc., Equifax Inc. and Bell Canada. The Bell incident saw almost two million customers’ information illegally accessed.

The latest instalment of an annual survey by CGI Group Inc., a Montreal-based technology consulting firm, shows that companies and other organizations around the world aren’t taking such threats lightly.

For its 2017 Client Global Insights report, CGI spoke to some 1,300 executives across 10 industries in 17 countries. The survey of businesses and governments included about 200 interviews conducted in Canada.

The goal of the report was to understand what’s most important to executives, according to Michael Keating, CGI’s senior vice-president, global marketing and IP strategy.

“Two things have become universally accepted as most pressing for our clients,” Keating says, noting that 85 percent of survey respondents cited a greater urgency to become a digital organization (up from 71 percent in 2016) and 74 percent identified the need to secure their enterprise against cyberrisks (a gain from 62 percent in 2016). “One is around becoming digital like their clients expect, and the second is the increasing need to deal with growing risks around cybersecurity.”

“Becoming digital” means a lot more than simply putting up a website or adopting an e-commerce platform, Keating stresses.

“It’s really about having an organization not only fully embrace going online, but what that means behind it: using all the data at their disposal, working with partners in new ways and fundamentally providing a different type of experience,” he explains. “And that’s true whether you’re talking to an agency, like a government department, or to a private sector organization like a bank or telecommunications company,” Keating adds, underlining the role that security plays in digitization. “Along with that, part of becoming digital is being able to provide the trust that effective cybersecurity brings. We see a big difference, depending on the type of industry you’re talking to and the geography that you’re talking to, for how organizations put their plans together around that.”

Western Canada concerned about using technology within supply chain management

Keating says about a third of the survey’s roughly 200 Canadian interviews were done in Western Canada, where CGI has what he calls a “healthy presence.” Companies in the region are focused on securing their relationships with partners and suppliers, he observes.

“When you think about the mineral-intensive industries out there, they want to operate with the whole ecosystem, the whole supply chain,” Keating says. “So they’re looking to use technology in this context, and their digital transformation is about tighter integration with their partners. So if you’re producing timber or other types of resources, it’s about integrating with that supply chain, which requires you to be a little more collaborative, frankly, than we would have seen 10 years ago.”

That means making sure that every chink in the supply chain is smoothed over and secure.

Another area where Western Canada is hoping to improve is in adopting new systems like the cloud. But that means moving away from existing methods.

“If you ask the average IT leader in that part of Canada, especially in governments, what they’re working on, they’ve got a large amount of legacy technologies that are costly,” Keating says. Such companies “really need to move to a lower cost point with a more modern framework,” he warns. “So that really dominates the thinking of a lot of the companies and organizations that are out in Western Canada right now.”

The top 6 security challenges for companies

Stan Sims joined CGI in 2016 to head its defence team, taking the title of chief security officer. Previously, Sims served as director of the Defense Security Service for the U.S. Department of Defense. Any organization concerned about security should pay attention to these six challenges, he advises.

1. Managing a risk introduced by new technology

“We talk about technology and all the benefits of that, but you’ve also got to manage the risks around any new technology,” Sims says, imploring companies to learn the ins and outs of any new system they install.

2. Managing the risks of living in a connected world

Sims calls it the “elephant in the room.” Although connectivity can make tasks much easier and help your company be more effective, it also opens up many more avenues for potential security threats.

3. Managing a multidisciplinary cybersecurity program

Companies need to watch out for threats of all kinds, Sims says, and that includes more traditional hazards like break-ins. “It can’t just be cyber, and it can’t just be physical,” he advises. “And it’s not just privacy or insider threats. You’ve got to manage all those together because there’s synergy around them.”

4. Managing security investments

One of life’s greatest dilemmas as a consumer is never knowing if you’ll need insurance on a newly bought item. It’s hard to rationalize the extra cost of something you might not need. On the other hand, if you don’t buy insurance and something unfortunate happens, you’ll surely regret it.

Sims advocates for always being prepared. “You have to invest in security before you need it,” he argues. “As you’re going through this digital transformation, you’ve got to think about managing the security as you develop this technology. Security is part of everything we do and everything we deliver. We bake it in; we don’t bolt it on.”

5. Security training and awareness

A company needs to build a culture around security so that everyone has the same values when it comes to keeping the organization safe, Sims insists. That way, “everybody, all your workforce, becomes a centre for you,” he says. “That’s how you empower your people to help you.”

6. Preparing for the inevitable

“You know the old story: there’s two types of companies—those who’ve been breached and will be breached,” says Sims, chuckling before he turns more serious. “And those that have been and just don’t know it.”

Sims suggests that companies structure their processes around what he calls “the inevitable. Everybody is going to get some type of breach at some point of time. So, are you established? Do you have processes in place to manage and mitigate that when it happens? How do you manage the escalation, notification, communication process?”

Companies need to learn from hacks like the one that Equifax suffered last year, Sims says. “I would sum that up and tell you that the inevitable happened, but it was very poorly managed,” he asserts. “And the result of their stock going down was more about how they mismanaged it rather than the hack itself.”