Cy­ber­se­cu­rity a pri­or­ity for all gov­ern­ments

St. Thomas Times-Journal - - COMMENT - VISHAL KUNDI Vishal Kundi is CEO of Toron­to­based Boxx In­sur­ance Inc.

The num­ber of cy­ber­at­tacks in the news seems likely to grow as we be­gin 2019.

The end of 2018 saw the theft of more than 500 mil­lion per­sonal records from Mar­riott-owned Star­wood, one of the sin­gle largest breaches of con­sumer data in his­tory.

But such at­tacks are not con­fined to the pri­vate sec­tor. This past Septem­ber, the small re­gional county mu­nic­i­pal­ity of Mék­inac, west of Que­bec City, lost ac­cess to its servers as a re­sult of a ran­somware at­tack, which saw the mu­nic­i­pal­ity pay $30,000 in Bit­coin in or­der to re­store ac­cess. Despite the pay­ment, the re­gion’s servers were dis­abled for more than two weeks. Sev­eral On­tario mu­nic­i­pal­i­ties also were vic­tims of sim­i­lar at­tacks in 2017.

As cit­i­zens, we sur­ren­der a trea­sure trove of per­sonal data to var­i­ous gov­ern­ment bod­ies, from social in­sur­ance num­bers to our fi­nan­cial records to con­fi­den­tial prop­erty in­for­ma­tion. We ex­pect they are do­ing ev­ery­thing in their power to pro­tect it from theft or mis­use. But mu­nic­i­pal­i­ties are par­tic­u­larly vul­ner­a­ble to cy­ber­at­tacks, as they of­ten lack the re­sources needed to de­fend and re­spond to them.

Since the Mék­inac at­tack, no pub­lic state­ment on the sub­ject has been re­leased by the Que­bec pro­vin­cial gov­ern­ment.

Cy­ber­se­cu­rity was not men­tioned in the fall eco­nomic state­ment. Yet, since De­cem­ber 2017, the pro­vin­cial gov­ern­ment has pushed for­ward the Que­bec dig­i­tal strategy, which prom­ises to im­prove the qual­ity of life for all Que­be­cers through dig­i­tal tech­nol­ogy. This also in­cludes en­sur­ing all pub­lic records are on­line.

As a part of the broader dig­i­tal strategy, we need to talk more about dig­i­tal safety. Lo­cal gov­ern­ments should take Mék­inac as an op­por­tu­nity to shape the di­a­logue with the province on what is needed to help pub­lic sec­tor bod­ies bet­ter pro­tect cit­i­zens’ dig­i­tal prop­erty.

There are steps that mu­nic­i­pal­i­ties can take to spend tax­payer money more wisely.

Strengthen your best fire­wall, your em­ploy­ees: Within the pub­lic sec­tor, there are hun­dreds to thou­sands of po­ten­tially vul­ner­a­ble em­ploy­ees. There are also nu­mer­ous de­part­ments that co­ex­ist on a shared net­work. Mu­nic­i­pal­i­ties, as well as other lev­els of gov­ern­ments, need to be aware of these weak­nesses. Ed­u­ca­tion is crit­i­cal and like fire safety, it should be seen as a manda­tory train­ing com­po­nent for all pub­lic en­ti­ties.

Be pre­pared to re­spond early and quickly: The fact that Mék­inac em­ploy­ees were locked out of their servers for two weeks, despite pay­ing ran­som, demon­strates the costs of not be­ing pre­pared. Hack­ers of­ten ac­cess sys­tems or servers months or even years be­fore theft or ran­som oc­curs. Iden­ti­fy­ing this ini­tial threat from the very be­gin­ning is im­por­tant. Mu­nic­i­pal­i­ties must be ready and able to re­spond to at­tacks, from fix­ing sys­tem dam­age, to restor­ing oper­a­tions, to re­build­ing data files. Luck­ily, tech­nol­ogy ex­ists to­day that is af­ford­able and can en­hance threat mon­i­tor­ing ca­pa­bil­i­ties and restora­tion for mu­nic­i­pal­i­ties. How­ever, an up­front in­vest­ment will need to be made.

Mu­nic­i­pal­i­ties also will need to con­sider how they will re­spond to the le­gal re­quire­ments of a cy­ber­at­tack (mere hours af­ter Mar­riott Star­wood an­nounced that its data­base had been breached, the com­pany was hit with a class ac­tion law­suit). With the stakes get­ting higher and cy­ber­at­tacks get­ting big­ger and more fre­quent ev­ery year, mu­nic­i­pal­i­ties must take con­trol of their own safety. How­ever, they can’t do it alone. It is time for mu­nic­i­pal­i­ties to start a con­ver­sa­tion with the province (where the province takes the lead) on how to pro­tect our pub­lic bod­ies and to make cy­ber­se­cu­rity one of their new year’s res­o­lu­tions for 2019.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.