Cyberattacks pose a big problem for small and medium-sized businesses. This local software aims to keep intruders out

By working closely with government bodies, Vancouver's CyberCatch developed the CAN/CIOSC 104 to help SMBs implement cybersecurity controls.

If you think your business is safe, think again. Good fences might make good neighbours, but on the internet, you better make sure those fences are reinforced. With more and more companies offering their services online, the threat of cybercriminals looms large, especially for small and medium-sized businesses (SMBs), which tend to have more vulnerabilities than their bigger counterparts.

Sai Huda, founder, chair and CEO of Vancouver-based CyberCatch, offers some numbers that highlight the problem. “We looked at 21,850 small to midsize businesses and found that 84 percent of Canadian SMBs were vulnerable to an attack from the internet because they had internet-facing assets like web servers and websites,” says Huda, whose company offers a software-as-a-service (SaaS) platform. “And there were vulnerabilities in the [website code] and web assets that an attacker can easily exploit and break in.” 

With the government-authorized body for national standards, the CIO Strategy Council, CyberCatch developed the CAN/CIOSC 104 Compliance Manager software, which is now the national standard for all SMBs in Canada. The Surrey Board of Trade has also come on board to help spread the word to local businesses.  

“With cyberattacks on the rise, this new solution will support ISED’s CyberSecure Canada program and our commitment to helping smaller businesses across Canada secure their systems and data to succeed in today’s digital economy,” François-Philippe Champagne, federal minister of innovation, science and industry, said in a release.

To give you more context, a recent IBM Security report found that the average total cost of data breaches in Canada rose by 20 percent between 2020 and 2021, from US$4.5 million to US$5.4 million. The global average cost of breaches climbed from US$3.86 million to US$4.24 million during the same period.

Unlike an endpoint solution, which focuses on specific points in the cybersecurity chain (for example, downloading software on your laptop and receiving alerts about potential malware), CAN/CIOSC 104 addresses the root cause of data breaches and ransomware attacks. It also helps businesses solve the problem.

“The root cause is that there are security holes in the organization which aren’t being addressed by either a policy procedure or a control,” Huda explains. “If something breaks or something’s missing, we detect it, we report it, and then we help guide the business to fix it.”

Businesses pay an annual subscription fee for this cloud-based software, Huda says. Features include a built-in scanner to detect vulnerabilities, expert testing of a company’s cyber defences and fake phishing emails to see if employees can be fooled.

“Those are the three ways we’re doing the testing because an attacker can come in via fooling an employee or by exploiting a vulnerability from a website, and once they’re in, they’ll roam around,” Huda notes. “That’s what makes it very efficient for a small business, because they won’t be able to do this themselves.” 

You can find the full guide to the national standard here.