A cybersecurity incident now in its fifth day at bookseller Indigo Books & Music has highlighted the growing risk of cyberattacks against Canadian businesses and consumers, experts say.
The continued outage of the bookstore’s website serves as a warning of the growing dangers facing organizations and individuals online, they argue.
“These attacks are becoming more frequent and sophisticated,” said Charles Finlay, executive director of the Rogers Cybersecure Catalyst Center at Metropolitan University of Toronto.
Last week, Indigo announced that it had suffered a “cybersecurity incident” affecting its website and electronic payment system. The company said it was working with third-party experts to investigate and resolve the situation.
Although the bookstore is once again able to accept debit and credit cards and gift cards in stores, Indigo’s website was still offline on Monday.
Finlay said that as hackers get smarter and more of your lives take place online, “every organization has been attacked or will be attacked. offensive “.
“The question is not whether an attack will occur, but rather when,” he said.
On social media, Indigo told customers it had changed its in-store payment technology as part of its incident response.
The bookstore added that customers could experience delays with some or all of the orders and returns online, while its stores were still unable to accept returns in person.
Indigo spokeswoman Melissa Perri said the company continues to work with third-party experts to investigate the situation and understand if customer data was accessed.
Canadian retailers have recently suffered an increasing number of cyberattacks.
Empire, the parent company of Sobeys, suffered a security breach late last year that shut down its pharmacy services and other in-store functions.
The incident, which took place in early November, left customers unable to fill their prescriptions for four days, while other in-store functions such as self-checkouts, use of gift cards and l redemption points have been offline for about a week.
Empire said in December the attack was expected to cost it $25 million after insurance recoveries.
While big companies with deep pockets typically survive cyberattacks, small businesses often don’t fare as well, experts say.
More than half of small businesses close within six months of a cyberattack, observed Mandy D’Autremont, vice-president of marketing partnerships at the Canadian Federation of Independent Business, which offers a training program for business owners. and their employees on how to improve cybersecurity.
“There is a real risk to the survival of small businesses,” she said. Cybercriminals are always developing more advanced and sophisticated ways to try to deceive and break through a company’s defenses. »
The average cost of a successful cyberattack for a small business is $26,000, she calculated.
“These attacks can be devastating to organizations,” Finlay said. A significant proportion of businesses that experience severe cybersecurity attacks do not survive. »
Cyberattacks can prevent organizations from transacting and damage a company’s relationship with its customers and employees, he added.
“They lose the value of deals they can’t complete. Restoring systems has a significant cost. There are disturbed relationships with consumers. There are disturbed internal processes. There is an impact on employee morale. There is a regulatory review, Mr. Finlay listed. Cyberattacks are incredibly destructive. »
The Office of the Privacy Commissioner of Canada said it is aware of Indigo’s cybersecurity incident and is in contact with the company “to obtain further information, including a formal breach report. , and determine next steps.