Citing upticks in attacks, Canada’s Centre for Cyber Security asks organizations to step up protective measures, offering guidance and a playbook to improve security.
An open letter to Canadian organizations was released earlier this month warning of a “surge in ransomware incidents” and asking organizations to adopt “basic but appropriate cyber security practices” to stop “the vast majority of cyber incidents targeting Canadians.” According to the letter, ransomware attacks have been targeting Canadian small and medium-sized businesses, health care organizations, utility organizations, and municipalities.
The letter goes on to provide guidance in the form of a baseline set of organizational and security controls, as well as a top 10 list of IT security actions.
We’re glad to see Security Awareness Training included (at number 6) and that it’s encouraged to be “tailored” to meet the needs of the organization. No two organizations are exactly alike, and not every user needs the same amount of education to become vigilant. It’s one of the reasons I also encourage phishing testing to identify the users who continue to be a weak link by engaging with potentially harmful email content.
Given the massive rise in ransomware attacks, it makes sense for the Canadian government to take the time now to encourage businesses to improve their security stance. In its words: "It’s time to think seriously about cyber security."