LCBO is the latest to face cybersecurity threats

The Ontario Liquor Control Board said a “cybersecurity incident,” the latest hack in a string of recent attacks against the Canadian organization, was responsible for taking its website and mobile application offline.

The local Crown Corporation first announced the incident via social media on Tuesday night and said an investigation was ongoing. It had no impact, writes LCBO. Representatives declined to answer questions about whether customer information had been compromised.

However, the breach highlights growing concerns and growing costs among businesses and public sector organizations related to cybersecurity.

LCBO continues to investigate cybersecurity incidents.Site and mobile app are still down

According to a survey of more than 12,000 businesses conducted by Statistics Canada, Canadian businesses reported spending a total of $9.7 billion in detecting or preventing cybersecurity incidents in 2021. Nearly one-fifth of the companies surveyed reported having experienced a cybersecurity incident, and these companies collectively reported costs related to breaches of more than $600 million, which he also reported. has increased compared to 2019.

Just last month, a hospital for sick children in Toronto was the target of a ransomware attack that affected many of the hospital’s network systems for over two weeks. Last week, the hospital announced that it had restored about 80% of its priority systems. A ransomware group called LockBit apologized for the attack and provided a free decryption tool for SickKids to unlock their data. In a statement, the hospital said it did not use a decryption tool and did not pay the ransom.

In November, retailer Empire Co. Ltd., which owns banners for grocery stores such as Sobeys, Safeway, IGA and FreshCo, was also hit by a cybersecurity breach that shut down many of its pharmacy services for four days, while others Operations were affected for about a week. , self-checkout terminals, gift cards and loyalty point redemption. Citing an unnamed employee, the CBC reported that the disruption was caused by a ransomware attack, but the company only called it a “cybersecurity event.” Last month, Empire estimated the cost of a breach to be around $25 million. That estimate relates to the costs to the post-insurance business we hold against such events.

“Like many loss prevention issues, companies don’t like to talk about it because they don’t want to give the bad guys a lead,” says Senior Counsel Michael LeBlanc, regarding defensive strategies. For the Retail Council of Canada. LeBlanc likened dealing with cybersecurity threats to a game of whack-a-mole. “Once he fixes one violation, he has to work on it. What can he learn from it and how can the system be strengthened? Nonstop.”

The problem is not limited to one industry, but retailers, who also process credit card data and other valuable customer information, are often targeted by cyberattacks.

“When you ask retailers why they can’t sleep at night, this is it,” LeBlanc said.

But Lisa Kearney, CEO of the Women CyberSecurity Society Inc., said in her 15 years as a consultant that organizations dedicate adequate resources to preventing data breaches before they occur. said he had seen very few “Even when there are resources available in-house, companies are often untrained, uninformed and, frankly, unprepared to take action,” she said. .

Carney believes that the reason many organizations experience cybersecurity incidents “over and over again” is that once systems are restored after a breach, companies put cybersecurity back on their list of priorities.

“They go into what we might call social amnesia, forgetting how important security concerns were when they first experienced it,” she said. Those in power and authority, in particular, have become desensitized to the fact that these attacks have happened so frequently these days.”

Adastra Corp., which provides analytics and data solutions to global enterprises, released a report on Wednesday showing that 77% of 882 business managers surveyed in Canada and the United States said their organization will experience a data breach within the next three years. I made it clear that I think it is likely that I will experience it.

“At the same time, 68% of managers surveyed said their company has a cybersecurity function, and another 18% report they are in the process of creating one,” said Kuljit Chahal, practice leader for data security. said. at Adastra.

“The question is not whether there is a cybersecurity department, but whether the company is using the system practically and efficiently.”

said Charles Finlay, executive director of Rogers CyberSecure Catalyst at Toronto Metropolitan University (formerly Ryerson University). “This is the norm today. Cyber ​​attackers target the most important parts of society and the economy, as well as critical infrastructures.