Contact us at info@uzado.com

Canadian Businesses with Ties to China, May be in Trouble

Alix Postan

Chinese President.jpg

China, the world’s second largest economy, is planning on publishing new cybersecurity laws, to be effective June 2017. President Xi Jinping’s Cyber Security Law is intended to safeguard their IT Systems from hackers across the world, especially after WannaCry (the global ransomware attack in May). The fact is, after Edward Snowden had exposed the US government for spying, many countries (and citizens) were left feeling exposed. There’s no surprise that a country, as large as China, is now implementing cyber protocols and online policing regulations to avoid such a breach.

So how does this concern foreign organizations? Through publishing laws and intellectual property.

Even though “The Great Firewall” strictly controls the country’s web content, some areas were still breached in the WannaCry attack. The new Cyber Security Law is intended to protect the country’s national honour, as it bans users from publishing anything that damages "national honour", "disturbs economic or social order" or is aimed at "overthrowing the socialist system". In terms of consumer privacy legislations, the Cyber Security Law also forbids companies from storing personal information about Chinese citizens, outside of the country without permission.

Many stipulations in the Cyber Security Law state that: Internet operators must cooperate with investigations involving crime and national security, computer equipment must undergo mandatory testing and certification, and companies must also give government investigators full access to their data if wrong-doing is suspected. According to Bloomberg Technology, certification of this equipment could mean that companies will be asked to provide a source code, encryption details, or other critical intellectual property for review. Georges Haour writes in Fortune Magazine, “given the weaknesses of China’s enforcement of laws around intellectual property, it’s easy to see how trade secrets can fall into the hands of Chinese competitors at the expense of the best interests of foreign firms.”

Companies will find that Operations & Compliance Management Software will prove to be the most effective tool to ensure compliance, especially when legislation is still changing. For more information about compliance, download Uzado’s whitepaper:Why Compliance Does NOT Equal Security

Read More
Topics: Compliance, Security, ransomware, viruses

Around the World with WannaCry

Alix Postan

wannacry.png

Ransomware viruses have been on the rise since 2005, with the most recent virus called WannaCry – which hit 150 countries in a matter of hours on May 12th (Friday). Over 10,000 businesses and 200,000 individuals were affected by the virus and had their files held ransom for $300 in Bitcoin*.

So what happened?

There are two kinds of ransomware: crypto and locker based. Both forms of ransomware are released through emails, either in the form of contagious attachments or hyperlinks to fraudulent websites. Crypto-ransomware will encrypt files on the computer and will only be decrypted once the ransom is paid out; whereas locker-based ransomware will block access to the files until the ransom is paid.

Canada was fortunate enough to not be infected by this specific malware; however, that doesn’t mean that Canadians are out of the woods. According to Bennett Jones, out of 125 anonymous Canadian organizations, 72% had reported being the victim of a cyberattack within the previous year – where 35% were identified as ransomware attacks.

What now?                                    

While some of the ransomware attacks in Europe were able to be circumvented, several other forms of WannaCry have since been coded and released that supersede the flaws of the previous version. We strongly recommend that companies and individuals take a proactive approach to protecting their information. It’s critical to continuously run software updates (even if the software gets updates as often as Java sends updates), the newer versions of software have patches to existing vulnerabilities – making it more secure for you to use. On top of that, it’s important to routinely scan your systems to see what vulnerabilities might be exposing you to these types of malware and to fix them.

Check out our blog post on “Why Vulnerability Assessments Are Insufficient” for more information on securing your servers.

If you have any questions or are looking for cybersecurity solutions, contact Uzado and we will be happy to assist you in protecting your information.

A Risk-Based Approach  to Vulnerability Remediation

*Bitcoin is an electronic currency, as of March 15th, 2017, 1 Bitcoin was valued around CDN$2,380.00.

 

Read More
Topics: Vulnerability Management, Security, Remediating Risks, ransomware, viruses