A new report from CDW Canada and IDC Canada contains some sobering news for Canadian businesses: the number of successful cybersecurity breaches in 2022 more than doubled over the previous year.

The data reinforces a troubling cybersecurity trend that can have some dire implications for businesses in any geography. We owe it to ourselves to pay closer attention – or risk becoming victims ourselves. 

In a world where a new cybersecurity breach is revealed practically every day, the LastPass attack remains one of the most concerning.

Months after the makers of the popular password management app revealed that the platform had been compromised, customers continue to grapple with the fact that a third-party tool designed to make them more secure instead had the opposite effect.

The lessons from this historic event are both significant and far-ranging – even if you’ve never used the app at all. 

If you think the current cybersecurity crisis is concerning, it could be getting even worse.

In Gartner’s recently published report, Predicts 2023: Cybersecurity Industry Focuses on the Human Deal, the research firm shares some worrisome statistics on the state of staffing and leadership in the sector.

Left unchecked, the research suggests talent shortfalls could continue to widen if organizations fail to prioritize human factors. 

Meta’s wannabe-Twitter-killer, Threads, is having quite the ride.

After charging out of the gate with 100 million downloads in its first 5 days – the fastest in history, beating the previous record-holder, ChatGPT, which took two full months – engagement fell by half during its second week.

Normal new-product ups-and-downs notwithstanding, concerns over the new app’s appetite for end-user data are raising questions over privacy. Given the track record of its maker, Meta, on securing end-user data, it’s easy to understand why.

Developers might want to take notice. 

No one doubts that generative AI is the next big thing in tech.

But all that promise comes with a dark side that’s prompting organizations of all types to ponder the ethical implications of using it.

To some, it’s an ominous minefield. But it doesn’t have to be. 

It isn’t difficult to find evidence of the fast-growing cybersecurity risks that companies of all sizes and in all sectors now face.

For example, as this article was being researched and written, one of Canada’s largest energy producers was crippled by a major cyberattack that took its point of sale systems, website, app, and internal messaging systems offline. Suncor Energy, which owns the Petro-Canada chain of over 1,500 retail gas stations, later confirmed customer information had been compromised.

The attack reinforces the unsettling reality of cybersecurity in 2023: we no longer have to look far to find evidence of its spread. The impact is, literally, right in front of us, and not even global energy giants are immune. 

Cybersecurity has long been focused on keeping the bad guys out. Organizations just like yours spend the majority of their security budgets on building (hopefully) impermeable rings that protect employees, clients, infrastructure, data, and other resources from an ever worsening threat landscape.

But what if we’re getting it wrong? What if the real threat is coming from the inside?

The recent leak of classified Pentagon briefing documents – and the subsequent arrest of a National Guard airman suspected of stealing them – should be a reminder to us all that insider threats are every bit as worrisome as anything on the outside. 

By now, we should all be used to eye-popping headlines from Twitter.

Mass layoffs. Mass resignations. Botched releases. Skyrocketing misinformation and disinformation. Rampant and uncontrolled hate speech. Disappearing ad revenues.

But the latest shocking headline – a reported leak of part of Twitter’s source code – could be the worst of them all. 

On the surface, TikTok is a popular video sharing app where cool kids gather virtually to share the latest viral content, from dance videos to memes and challenges.

It is as seemingly trivial as a socially enabled app can be.

Yet, after the Canadian government’s decision to ban the app on all federal employee devices, businesses everywhere must ask themselves a simple question: should their employees be allowed to use TikTok on their company devices? Or, should they follow the government’s lead and issue their own removal notice? 

A major ransomware attack Sunday kicked the majority of Italians off of the internet before administrators were able to restore service.

Italy’s National Cybersecurity Agency, ACN, said the attackers targeted a known vulnerability in VMware’s ESXi servers. VMware encouraged customers to install patches.

If it feels like you’ve heard this story before, that’s because you probably have. In fact, you’re forgiven for thinking this feels like Groundhog Day.

That’s because the vulnerability was first detected almost two years ago, and the Canadian Centre for Cyber Security issued its first security advisory – known as AV21-093 – on February 24, 2021. The Canadian cybersecurity agency issued a second advisory, AV22-689, on December 9, 2022.