Blog — Sep 30, 2016

Cyber risk safety: protecting your business and employees from the inevitable

How many times have you received an email from someone telling you that you’ve recently “come into some money”? All you have to do is respond with your bank account information and they’ll transfer the funds immediately. Or someone impersonating your IT department asking you to open an attached file to upgrade your email account. Or what about the email from a “close friend” who is out of cash in a foreign country and needs money to get home safely?

These are just a few common examples of cybercriminals trying to gain access to your company data or finances through malware.

In a recent interview, we spoke with Carol Leaman, President and CEO of Axonify, the creator of the world’s first Employee Knowledge Platform; Eldon Sprickerhoff, Founder and Chief Security Strategist of eSentire, the creator of an award-winning cybersecurity platform for mid-sized organizations; and Leon Punambolam, Technology Industry Leader at Cowan Insurance Group, a preeminent insurance brokerage and consulting operation, and one of Canada’s Best Managed Companies. We discussed how cyber risk affects companies today and what we can do to protect ourselves, our employees and our businesses from these potentially severe crimes.

Cyber risk comes in a variety of forms from phishing attacks to social engineering to ransomware and beyond. Cyber risk is real. Cyber risk is serious. Cyber risk affects every business, big or small. It’s not a matter of if it’ll happen to your business; it’s a matter of when.

What is Cyber Risk?

According to Eldon Sprickerhoff, “any threat that affects the confidentiality, the integrity or the availability of electronic information, is a cyber risk to your business.”

Arguably, the most devastating form of cyber risk to a business is ransomware. This involves a cybercriminal gaining access to your company files through malware and often requires your company to pay thousands, if not hundreds of thousands or millions of dollars to get those files back. This can be incredibly detrimental to those industries housing personal, financial or other uniquely valuable electronic information.

A recent survey sponsored by Malwarebytes and conducted by Osterman Research found that Canadian companies are more likely to pay ransom demands than those in Germany, the U.S. and the U.K., the other regions included in the survey. More than 82% of the Canadian companies surveyed that were affected by ransomware lost company files if they didn’t pay the ransom; 43% lost revenue; 25% experienced an interruption in business.1

Fortunately, there is a variety of prevention strategies your business can exercise to protect itself and its employees from the damaging effects of a cyber breach.

It Can Happen (Where and) When You Least Expect

So, what is the true threat to your business’s cybersecurity? It’s technology, right? Wrong. It’s your people.

People are the gateway to your business’s data. They have passwords and access to your business’s backend information, they’re receiving the infected emails, and they’re clicking the links to open the door to the cybercriminals.

If you’ve grown your business beyond the 10-employee mark, you’ve likely outgrown your security processes and need to reevaluate where your threats lie. The family atmosphere and personal trust often found in small, close-knit businesses can remain; however, that doesn’t mean everyone needs access to your backend information if their job description doesn’t warrant it.

What about the less obvious cyber risks? The ones you’d never think could happen to your business: insider threats. Employees experiencing hardships—financial, health related or otherwise—can be susceptible to taking part in these insider cybercrimes. If they’re the ones who have access to your data, you may want to consider how you’re protecting your business from this risk too.

Empowering Employees through Education

Just as you would train your employees on the dangers of chemicals and their appropriate use, the same considerations apply to cyber use.

Since employees are your greatest risk when it comes to a cyber breach, employee education on the subject should be included in your new employee training and education programs and as ongoing training initiatives for existing employees. If your employees are aware of the dangers of cyber threats, how they can be targeted, what to look for, and how to respond (or not respond), your business is one step closer to cybersecurity.

It’s likely your new employee training is a one- or two-day training session where loads of information is piled on new employees and they’re expected to remember it all six months down the road. Your employees won’t absorb this information and recall it days, weeks or months from now when they encounter one of those malicious emails they’re guaranteed to receive.

“A typical human being will remember 5-10% of what they learned 30 days earlier,” says Carol Leaman. “All the effort put into those one-day employee training sessions goes to waste because the brain is incapable of moving all information from short-term memory to long-term memory effectively.”

It takes ongoing training to ingrain that information in your employees’ memories. Learning techniques like delivering small chunks of training several times per week, querying employees on their knowledge repeatedly over time, and allowing them to play games while they learn will engage your employees and help them retain that information long term. Then, when they receive one of those malicious emails, they’ll know not to open it, click on any links or respond to the sender with confidential information.

It’s important to remember that employee education will reduce the risk of a cyber breach; however, it doesn’t stop the criminals from trying. Providing ongoing education and training to employees, revamping the information, altering how you deliver it, and staying up to date on prevention strategies are effective ways to protect your employees in the fight against cybercriminals.

Protecting Your Business from the Ground Up

Now that you know the risk to your business when it comes to cybercrime, along with the systematic and human resource mitigation tactics, how are you going to further protect your business assets?

You insure your house from a fire, your car from an accident and your life from illness—your business needs protection from its threats too. Since cyber risk has only recently become a common theme at the Executive table, not everyone is aware of the risk protection and liability coverage available. And those who are aware often think they don’t need the insurance because a cybercrime will never happen to their business.

“Surprisingly, many company executives and business owners in Canada aren’t seriously considering the impending threat from cybercriminals,” says Leon Punambolam. “In reality, it’s much easier than you think for the ‘bad guys’ to target your business and damage what you’ve worked so hard to achieve—including your positive corporate reputation.” What would happen to that reputation and the trust that your clients place in your business if it were to experience a cyber breach? The longer you wait to protect your assets, the more time and opportunity you’re giving these criminals to hone their skills and hit your business.

A medium-sized organization can receive upwards of 10,000 emails to their spam filters per day. If a failure in technology or process were to occur and one of those emails were to cause a cyber breach, the impact on the business could result in: significant financial costs, damaged reputation, decreased public trust, fines or sanctions for regulatory non-compliance, loss of business or competitive edge, and loss of productivity.

In addition to understanding the impact on your business and insuring your assets from the ground up, it’s important to consider your risk tolerance. Risk management is about identifying risks, mitigating risks and transferring risks, which is where insurance comes into play. Knowing what assets are most at risk in your business (when it comes to cyber) and how much risk your business is willing to take will help you identify your insurance needs.

Working with a broker who is well versed in cyber risk will help your organization understand its overall cyber threat, address insufficiencies to mitigate the risks, and leverage insurance coverage for the balance of the risk to your business. Additionally, your broker can identify and help you create a plan to implement proactive process controls to further minimize the impact of a breach.

At the end of the day, it’s about protecting your business from the inevitable. Cybercrime is a risk to all businesses. The armour you use to protect your business, from cybersecurity to employee education to business insurance, will make it harder for cyber risk to damage your business and your bottom line.

For more information on your business’s cybersecurity, employee education or cyber risk management needs, reach out to eSentire, Axonify or Cowan Insurance Group today.

Eldon Sprickerhoff, Founder and Advisor

Eldon Sprickerhoff is the original pioneer and inventor of what is now referred to as Managed Detection and Response (MDR). In founding eSentire, he responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over 20 years of tactical experience, Eldon is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.