The increase in computer security breaches “worries” the Financial Markets Authority (AMF), which invites companies and institutions in the financial sector to strengthen their security measures. Of the 30 cyber incidents reported to the AMF in two years, eight resulted in data theft.
• Read also: Malicious employees threaten businesses
• Read also: No money for whistleblowers
Like what hackers seem more active for months, according to data provided to the Newspaper, the AMF was notified that 22 cyber incidents occurred last year, compared to eight in 2019.
Of the lot, we find the case of Promutuel Insurance, which was the victim of a cyberattack in December which paralyzed all its computer systems.
Up to 7,000 current and past employees and retirees of the Quebec insurer may have had their personal information compromised. Documents were published in January on the underground web.
Currently, Promutuel Assurance is gradually relaunching its IT systems. Due to this incident, pre-authorized direct debit payments were suspended. This service will resume on February 1.
Last December, L’Unique General Insurance, a subsidiary of La Capitale, was also targeted by hackers. The online services of SSQ Insurance and La Capitale Assurance (now called Beneva) were then discontinued as a precaution.
“The recent incidents have put in perspective the pervasive threat that weighs on all organizations in terms of risks related to information technology,” said AMF CEO Louis Morisset.
The latter asks companies to carry out “periodic penetration tests” in order to assess the quality of their system. He also asks them to update their business continuity plan in the event of an attack, in order to reduce damage to the company and customers.
Among other information thefts, there was also, in 2019, the data breach at Desjardins, which affected millions of members. The AMF is not the only organization to observe an increase in security incidents. Out of 34 files processed in 2019, the Quebec Information Access Commission recorded 88 statements last year.
Last week, our Bureau of Investigation revealed that American justice had found a hacker who allegedly extracted $ 35 million from companies and organizations by using ransomware from his house in Gatineau.
According to Patrick Mathieu, co-founder of Hackfest, not all cyber incidents are currently reported to the responsible authorities.
Remember that the AMF only supervises insurers, deposit institutions and trust companies.
Currently, in Quebec, a company is not required to publicly disclose a theft of personal information or a security incident.
It is also not required to notify the privacy commissioners of Quebec and Canada. Bill 64, however, provides for changes in these practices.
For the next few years, Patrick Mathieu expects the number of cyber incidents to continue to climb. He believes that several companies are still trying to cover up these situations.
“Usually hundreds and thousands of businesses don’t say it,” he says. “It’s always going to continue to rise as long as companies pay the ransoms. The day they stop subsidizing criminals, it will stop, ”he concludes.
IT security in figures
Note: including the cost of the ransom, additional resources mobilized and losses incurred.
- 81 of companies say the pandemic has disrupted their cybersecurity.
- 48% of companies have revised their practices after the media leaks.
COST OF A CYBER ATTACK
- 26%: less than $ 50,000
- 35%: between $ 50,000 and $ 250,000
- 25%: between $ 250,000 and $ 500,000
- 9%: between $ 500,000 and $ 1 million
- 5%: over a million
Source: Portrait TI, 2020, the year of the great upheaval, Groupe Novipro and Léger)