Why should I be concerned?

Why should businesses be concerned about their cybersecurity?

As a business owner, cyber attacks can have direct and indirect impacts on your business, such as:

  • Financial loss due to fraud
  • Litigation
  • Loss of business
  • Reputational damage
  • Increased consumer prices
  • Job losses
  • IP theft
  • Damage to critical infrastructure

Why are customers, partners, investors and suppliers increasingly concerned about cybersecurity?

Customers, partners, investors and suppliers provide Canadian businesses with valuable information and trust that their information will be secure.

When businesses lack strong cybersecurity measures, information provided to them could be at risk for:

  • Theft of personal and/or confidential information
  • Theft of credit card and/or financial information
  • Ransomware leading to the disruptions of services provided to customers
  • Unauthorized modification of information

Who could potentially attack my business? (Cyber threat actors)

People or groups that willingly target a business's cyber infrastructure via the Internet are known as cyber threat actors. There are two types of cyber threat actors: external and internal, which can be defined as:

External

The most sophisticated and coordinated groups include:

Nation-States
could be intelligence programs or organized crime groups

Cybercriminals
persons who engage in criminal activity by means of computers or the Internet

The less sophisticated groups include:

Hacktivists
persons who gain unauthorized access to computer files or networks in order to further social or political ends

Terrorist Groups
persons who use the Internet and/or computers to conduct terrorist activities

Thrill-Seekers
persons who enjoy taking part in cyber activities that involve some amount of risk

Internal

Insider threats are individuals working within your business. These persons are particularly dangerous because of their access to your internal networks, regardless of whether or not you already have some security measures in place.

Why would a cyber threat actor target my business?

There are a number of reasons why a cyber threat actor could target your business.

The figure below demonstrates some of the most common motives for cyber threat actors to target your business for a cyber attack:

Figure 1: Motivations for cyber threat actors

Cyber threat actors and their motivations. Long description below.
Text version
Cyber threat actor Motivation
Nation-states Geopolitical
Cybercriminals Profit
Hacktivists Ideological
Terrorist groups Ideological violence
Thrill-seekers Satisfaction
Insider threats Discontent