The most recent cyberattack against a Quebec company is causing a stir. A recent article by Julien Arsenault in The Press1 describes well the attack against the manufacturer of recreational products BRP. As usual, it boils down to inaccessible computer systems, data leaks and disgruntled partners.
Posted at 4:00 p.m.
This type of cyberattack has only increased in recent years. For the following reason: it makes money for pirates. These are organized into true SMEs, with sites on the dark weba negotiations strategy and sometimes even “media relations” areas on their pages.
It’s that it’s easy to find companies, increasingly digitized, willing to pay tens of thousands of dollars to recover access to their data and prevent it from being made public. From the company listed on the Toronto Stock Exchange to the discreet law firm, everyone can be a target, given the commercial and confidential nature of their data.
There is also a technological problem: the majority of companies are very dependent on encryption technologies to protect their data, and these technologies are simply not very effective against ransomware.
Hackers can encrypt your data on top of your own encryption, and you will no longer have access to it! Ransomware is not a fatality to which we should resign ourselves, especially in Quebec.
Strong incentives
The Act respecting the protection of personal information in the private sector will come into force gradually from September 22, 2022: decision-makers will be responsible in the event of cyberattacks, a strong incentive to better protect its IT systems. The other incentive comes from the insurance sector, because who says cyberattacks also says that insurers have to pay for some of the damage.
According to the cybersecurity research firm Varonis, North American insurers must spend considerable sums to compensate their customers who are victims of cyberattacks.
This led to huge increases in insurance premiums. In some cases, insurers have even refused to cover customers, believing that the levels of protection for their data were not high enough. One more reason to encourage companies to better counter cyberattacks and to turn to emerging technologies.
In the meantime, BRP dealers and their customers will have to be patient, at least until September 5, as recovery from a ransomware attack takes an average of 21 days, again according to research firm Varonis.