Ransomware: An ounce of prevention is worth a pound of cure

It takes years to build a reputation people can trust and seconds for a cyberattack to bring it all crashing down.

Once criminals gain access to an organization’s systems and the information stored within, the door is open to identity theft, economic loss, and devastating reputational damage.

Governments, public institutions, healthcare organizations and child and youth service providers are all entrusted with sensitive personal information to deliver a variety of programs and services. Citizens need to trust that it’ll be kept safe and secure.

With the stakes so high, prevention has never been more important. October is Cyber Security Awareness Month, an international campaign to raise awareness of the importance of cyber security as threats to technology and confidential data become all too common.

Cyberattacks are on the rise around the world. The Canadian Centre for Cyber Security (CCCS) reported that global ransomware attacks had increased by 151 per cent in 2021 over a comparable period in 2020, citing the highest ransoms and payouts on record. CCCS summarized this key trend as “brazen, sophisticated, increasing in frequency and, for cybercriminals, very profitable.”

Canadian organizations have not been spared from this spike in ransomware attacks, particularly the critical infrastructure sector and large public institutions like hospitals, governments and universities. The Canadian Internet Registration Authority described 2022 as “a critical year for cyber security” with 60 per cent more organizations reporting breaches of customer and employee data than before the pandemic. In a 2022 Canadian ransomware study by TELUS, 83 per cent of 450 Canadian businesses surveyed said they had experienced a ransomware attack, and only 42 per cent of those said their data was returned to them after a ransom was paid.

Ransomware is a type of malicious software or “malware.” Once attackers gain access to an organization’s systems, they use ransomware to prevent the organization from accessing its own data holdings and then demand payment for their release.

Organizations must take reasonable measures to ensure that any personal information in their custody and control remains secure and protected from the escalating risks out there. In cybersecurity, an ounce of prevention is worth a pound of cure.

With that in mind, we’ve updated our fact sheet on protecting against ransomware attacks. It offers tips on how organizations can avoid falling for common traps through increased awareness and prevention.

The fact sheet delves into the many proactive steps organizations can take to strengthen their security posture. Chief among them is maintaining a comprehensive and up-to-date data asset inventory to track data flows and securely destroy personal information at the end of its lifecycle.

Another aspect of this proactive approach to minimizing your organization’s exposure is reducing the number of pathways an attacker can take to gain access to your networks. This can be done by, among other things, disabling unused IT services, regularly scanning your systems for vulnerabilities, applying patches as soon as possible, and restricting who can install software at your organization. Critically important is conducting regular security assessments of not only in-house information technology systems, but also those provided by third-party vendors.

Ensuring your employees understand the threat landscape through ongoing cybersecurity awareness training is another essential step to shield your organization from potential threats, especially when it comes to phishing. So is having a robust, well-coordinated and well-practiced cybersecurity incident response plan in place, with clear roles and responsibilities, communication protocols, and escalation procedures.

I encourage you to read the fact sheet and explore our other resources to help protect your organization from cyberattacks. Among them are our very first Info Matters podcast episode, Don’t get caught! Protect yourself against phishing, and our informative phishing fact sheet.

Visit our YouTube channel to watch short videos with tips about how to avoid a phishing attack and protect your privacy online. We’re always updating our channel with new videos, so be sure to subscribe so you don’t miss a thing.

Share these resources with your colleagues, friends, and family. You can also follow the hashtag #CyberMonth2022 to learn more about how to protect yourself, and your organization, from cyber threats.

“An ounce of prevention is worth a pound of cure” was a phrase coined by Benjamin Franklin back in 1736, as he urged the citizens of Philadelphia to protect themselves from fire hazards. Who knew this wise old proverb would continue to ring so true today in respect of cyber risks!

— Patricia
