
Constructing the cyber-insurance market: Improving cybersecurity through insurance?

While dealing with interconnected and global risks, the cyber-insurance market is rapidly growing. This market is a creature of privacy and data security regulations, and mandatory breach notifications have shaped its business model. Market stakeholders suggest that cyber-insurance provides incentives and resources to insured organizations for improving cybersecurity. This presentation seeks to empirically test this …

[STAT CAN] Fail-Safe to Safe-to-Fail

By Traian Toma, Université de Montréal and Fiona Westin, Carleton University

According to Statistics Canada [1], 92% of today’s Canadian enterprises use digital technology to do business. With pervasive adoption of digital technology comes increased concern over its risks and threats. Virtually every business employs some form of cybersecurity measure to protect itself [1]. However, while …

Exploring the role of work identity and empowerment in cybersecurity awareness

Technology-related interventions do not always prevent organizations from becoming victims of cyberattacks and data breaches. Indeed, cybersecurity is not just about technology: almost all successful cyberattacks have a contributing human factor. Employees can bolster organizational cybersecurity as, for the most part, technology cannot be the only solution. However, as much as employees can be a …

Phishing attempts and the “Dark Triad”

Spam filters have been developed to effectively detect and deter phishing campaigns. Yet, attackers continuously find new ways to evade these technologies through sophisticated and personalized e-mails that take advantage of human limitations and persuade people to respond. Machiavellianism, narcissism, and psychopathy are known as the “Dark Triad” of personality traits. Machiavellianism is associated with …

The sport of cybersecurity

Cybersecurity is no longer just a problem for governments or tech firms — it has now reached U.S. professional sports leagues. Unfortunately, the leagues’ efforts to safeguard the integrity of their sporting competition from these threats have been relatively slow to develop. Rather than formulate leaguewide cybersecurity standards, U.S. leagues appear to largely defer to …

Financial Crime Trend Bulletin: RCMP Telephone Number Being Spoofed

Purpose: This bulletin was prepared to advise the public that scammers may be displaying an RCMP telephone number on your caller ID. Overview: The Royal Canadian Mounted Police is advising the public that scammers may be displaying an RCMP telephone number on your caller ID. This is part of a common scheme where fraudsters claim …

Factors that influence employee anti-malware behaviors

Organizations are continually exposed to a variety of online threats that put their information and systems in danger. The risks are even more significant as they face more advanced and persistent threats, as well as insider threats. The insider threat consists of employees introducing risks to the organization due to non-compliance with the information system security …

Financial Crime Trend Bulletin: SIN Scam

Purpose: This bulletin was prepared to advise the public of a growing telephone scam where fraudsters say that your Social Insurance Number (SIN) has been blocked, compromised or suspended. Overview: Consumers are reporting calls where fraudsters claim that your SIN has been blocked, compromised or suspended. Fraudsters may add that this is due to your …

The economic significance of ransomware campaigns through Bitcoin transactions

Cyber-attacks continue to evolve as they become an increasing concern for computer systems across the world. In 2018, almost 21% of Canadian businesses were impacted by a cybersecurity incident. Among them, 8% declared being victims of ransomware [1]. Ransomware is one of the most dangerous cyber-crime threats to individual users and enterprises. According to …

Manual and automated techniques for detecting network attacks

When launching an attack against an organization, cybercriminals can face defensive systems that are part human and part machine. The human part corresponds to security analysts who scrutinize the server logs and identify anomalies that correlate to malicious intent. The machine part consists of data analysis run by unsupervised learning systems. Especially, clustering the data …