CYBERCRIME IN SURREY: How to defend your data in a world full of high-tech crooks

City of Surrey cyber security manager David Izzard sheds light on eyebrow-raising statistics and offers some advice on protecting yourself.

If you own a small or medium business, your chance of being a victim of cybercrime in the next year is one in seven. City of Surrey cyber security manager David Izzard sheds light on some eyebrow-raising statistics and offers some practical advice on protecting yourself.


If you’re not creeped out by cyber-villains, you’d better get with the times. Especially if you own a business.

David Izzard, cyber security manager for the City of Surrey, knows the score.

“Sixty per cent of all small and medium businesses that experience a breach fail, and the vast majority are out of business in six months,” he warns. “You’ve gotta take cyber security seriously as a small or medium business.”

Last year, Izzard and his five-member team stopped 94,000 malicious web attacks on city hall in six months and well over 100,000 malware attempts in that same period.

“We also have some systems that you guys won’t have,” he told business owners at a recent community safety breakfast, sponsored by the Downtown Surrey Business Improvement Association.

“We call them advanced threat detection systems so this actually detects malware that hasn’t been seen anywhere in the world and it’s unique, targeting just the city. In the three months that we installed that system we were able to stop 113, I believe is the number.”

By October, city hall hopes to launch a website where residents and business owners can learn how to be more cyber secure, in keeping with October being Cyber Security Awareness Month.

“Hopefully it’s up and live by then,” Izzard says.

While his job is to protect city hall from online crooks, it’s also his mission to convert small and medium-sized  business owners to the conviction that failing to be cyber secure is a sure way to court financial peril, and the volume of research he’s amassed bears that out.

According to the Canadian Chamber of Commerce, nearly half of all small businesses have fallen victim to cybercrime and a Symantec internet security threat report issued this year indicates that small and medium-sized businesses were the targets in roughly 65 per cent of all attacks in 2015.

“They are a favourite target,” Izzard warns. “They have less security. Your chance, as a small or medium business, of being attacked in the next year is one in seven. One in seven.”

According to a study on data breach preparedness by the Ponemon Institute, 45 per cent of senior executives surveyed say their business experiences cyber attacks hourly or daily. Forty-three per cent of U.S. companies in 2014 experienced a data breach, and in 89 per cent of those, greed was the motive.

The statistics for 2015, Izzard says, are expected to come in at “well over 50 per cent.”

“Our world has fundamentally changed in the last five to 10 years. Cybercrime is on the rise and it’s growing at an astonishing rate. The vast majority of these breaches now have a financial motive, so it’s no longer state-sponsored, terrorist attacks or espionage.

“It’s really fundamentally about making money,” he explains. “In fact, it is so profitable, you can now make more money in cybercrime than you can in the drug trade.”

Ponemon’s research reveals that Global IT security spending has increased by 11 per cent over the past decade and, according to a SecurityLabs report, new malware is created every 3.5 seconds.

A Sophos security threat report indicates 30,000 websites are hacked every day and McAfee Labs’  threat report for 2015 reveals that ransom-based computer attacks have increased by 127 per cent. That’s when cyber criminals seize a company’s data and hold it hostage, or shut down services until the company they’ve targeted pays a ransom to have the lock released.

“Cyber criminals are now offering cybercrime services, digital services, to other would-be attackers,” Izzard notes.

“What makes this so scary, at least from our perspective, is you no longer need a lot of technical knowledge – you don’t need to be a computer geek to launch a cyber attack. All you need is motivation and a little bit of money…you can buy some custom malware and you can launch an attack. That’s actually what we’re seeing more and more. In fact, the number one attacker is actually organized crime.”

Izzard notes that cyber criminals basically want to accomplish one of three things, if not all of them.

First, they want to steal data – customer information, employee data, financial information and intellectual property.

This, he says, is “very valuable on the black market.”

They also might want to use a company to attack others, be it the company’s customers, staff members or business partners. And third, they want to extort money from companies by taking their data hostage for a ransom.

Security breaches can be vault-busting expensive. The average cost of a breach in Canada is $7.8 million, factoring in attacks against large companies.

Izzard presents a catalogue of profound corporate victimhood, with multi-million damage having been done to Home Depot ($56 million), Sony Pictures Entertainment ($100 million), Anthem ($100 million),  Heartland Pay Systems ($140 million), TJ Maxx ($162 million), Sony PlayStation ($171 million), Target ($191 million), Hannaford Bros ($256 million), Ashley Madison (potentially $587 million) and so on.

Despite those heady figures, Izzard says breaches are generally more costly to small businesses – about three times as much – because of economies of scale.

So what can you do to protect yourself and your business?

Hiring an online security team, and making sure your service provider takes cyber security seriously, is a good start. Or at least have somebody on staff responsible for cyber security.

“If you do use a service provider, particularly an IT service provider, ensure that they have somebody responsible for cyber security on their staff. If they don’t, that should raise red flags – it’s time to change.”

Izzard said using a cloud “is really good for small and medium businesses – embrace the cloud.”

What’s a cloud? Not those fluffy things up in the sky. Cloud computing involves storing and processing data through a network of online servers as opposed to relying on your computer’s hard drive. It can be a good way to be secure, but don’t assume all clouds are created equal.

“You want to make sure you’re using trustworthy clouds,” Izzard says, adding that Cloud Security Alliance has a “star registry” where you can see how your’s rates.

“This is a registry where these cloud providers have been third-party independently tested and verified for cyber security. If they’re not on the star registry, you probably want to avoid them.”

If you’re using Wi-Fi, make sure it’s secure, enable auto-update for all your systems and applications, and encrypt your devices so your data is protected in transit.

Izzard recommends not to open email from people you don’t know and for business owners to instruct their staff to do the same. If you’re not expecting an email, he says, chances are it’s not legit.

Never click on links contained within an email, he adds, and don’t open attachments even from people you do know.

“You might be practising good cyber security hygiene, but it doesn’t mean the folks you do business with are. If it’s something you’re expecting, you’re probably safe.”

Izzard said the City of Surrey is seeing far more links than attachments now, “and that’s because people trust links more.”

It’s also important for businesses to protect their social media accounts, he advises.

“This is your online reputation, and if you don’t protect these accounts, the cyber criminals can hold your reputation hostage and the damage they can do, in social media, is frightening.”

Millennials rely on social media for information, he notes, “So if you’ve got a bad reputation online in the social media’s face, you’re pretty much out of business when it comes to them.”

Obviously, having strong passwords is important. They should include numbers, uppercase characters, and be at least 10 characters long. Izzard suggests you include in your’s something you know, something you are and something you have. Use two-step verification on all your accounts. How does that work? Set your system up where you have to provide a second piece of information, after entering your password, to access your accounts.

Izzard says making sure all your software and systems are up to date, automatically, and immediately, and using a two-step verification will reduce your chances of becoming a cybercrime victim by about 85 per cent.

And doing all the above will not only help business, it might even attract it.

“Interestingly enough, over 52 per cent of customers would actually pay more for goods or services from a company with a good reputation in cyber security. Customers are willing to pay more,” Izzard says. “So cyber security is no longer just a business expense, it is now a strategic competitive advantage that drives market share. Being secure gets you more customers. It’s a pretty bold statement, backed up by numbers.”

Izzard said a survey done by the New York Stock Exchange found that cyber security in now so important to businesses that in 80 per cent of the companies surveyed, cyber security topics were the number-one agenda item of boardroom discussions for every single meeting. “That’s the world we’re in today.”

According to the Deloitte Consumer Review, 73 per cent of consumers would reconsider using a company that had a data breach.

“Security also now drives customer decisions.”

Izzard notes that while the vast majority of threats are from the outside, and generally involve organized crime, “There are malicious employees out there. Especially if you’ve gotten rid of one but haven’t disabled their access to your systems.”

But ultimately, Izzard has found, “grey matter” is the best defence against cyber crime.

Sure, employees can be the weakest link as criminals might try to convince them to do something. This is easier than hacking a computer. But there’s also a flip side to that coin.

“Here’s the thing: You can turn that around,” Izzard says. “Your employees can actually be your best defence. There’s no replacement for grey matter. There’s no security system in the world as good as a human being that is aware at recognizing things that are not legitimate.”

He advises businesses to teach employees about cyber security, but don’t make it about“the business.” For example, the City of Surrey launched a cyber-security awareness campaign for staff. It did not specifically focus on how to protect city hall, per se. Rather, it aimed to teach staff how to be cyber-secure in their daily lives.

“Good behaviours at home translates into good behaviours at work,” Izzard said. “Make it about the employee rather than about the company.”


Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Traffic was tied up at the intersection of Scott and Old Yale Roads in North Surrey on Tuesday afternoon, after a semi truck hauling a load of pipes flipped while making a turn. (Shane MacKichan photos)
VIDEO: Semi hauling load of pipes flips in North Surrey intersection

Traffic near Scott and Old Yale Roads tied up by Tuesday afternoon incident

Sheila Malcolmson, B.C.’s minister of mental health and addictions (Screen shot)
Minister of mental health tells Surrey audience COVID-19 ‘has made everything worse’

More than 23,000 people in B.C. are receiving medication to treat opioid addiction

Farmers raise slogans during a protest on a highway at the Delhi-Haryana state border, India, Thursday, Dec. 3, 2020. Tens of thousands of farmers descended upon the borders of New Delhi to protest new farming laws that they say will open them to corporate exploitation. THE CANADIAN PRESS/AP-Manish Swarup
Delta council stands in solidarity with protesting Indian farmers

Farmers have been protesting for months new laws they say leave them open to corporate exploitation

Shana Harris-Morris was killed Feb. 4. (GoFundMe photo)
IHIT says 22-year-old killed in Surrey shooting was ‘unintended victim’

Shana Harris’ family makes appeal for more information

RCMP. (Phil McLachlan - Black Press Media file)
Man charged after pushing pregnant woman to the ground in Surrey, police say

Surrey RCMP say it appeared to be an ‘unprovoked assault’

Restaurant patrons enjoy the weather on a patio in Vancouver, B.C., Monday, April 5, 2021. The province has restricted indoor dining at all restaurants in B.C. due to a spike in COVID-19 numbers. THE CANADIAN PRESS/Jonathan Hayward
B.C.’s COVID-19 indoor dining, drinking ban extending into May

Restaurant association says patio rules to be clarified

In a 2019 photograph, Yin Yin Din held a picture of her brother Kyaw Naing Din, 54, and her late father Hla Din who passed away in 2014, during a trip to Victoria. (The News files)
Family of B.C. man killed by cop appeals to Attorney General for help

The Din family want B.C. Attorney General David Eby to forward their case to Crown

B.C. Premier John Horgan speaks at the B.C. legislature. (B.C. government)
Tougher COVID-19 restrictions in B.C., including travel, still ‘on the table’: Horgan

John Horgan says travel restrictions will be discussed Wednesday by the provincial cabinet

Protesters occupied a road leading to Fairy Creek Watershed near Port Renfrew. (Submitted photo)
B.C. First Nation says logging activist interference not welcome at Fairy Creek

Vancouver Island’s Pacheedaht concerned about increasing polarization over forestry activities

Flow Academy is not accepting membership applications from anybody who has received a dose of the vaccine, according to a password-protected membership application form. (Submitted image)
B.C. martial arts gym refusing patrons who have been vaccinated, wear masks

Interior Health has already issued a ticket to Flow Academy for non-compliance with public health orders

Of 46 arrests made between March 16 and 19 at Metrotown mall in Burnaby, 27 suspected shoplifters are now facing charges. (Twitter/Burnaby RCMP)
RCMP arrest 46 people in 4 days during Metrotown shoplifting crackdown

$4,800 in stolen merchandise was recovered and returned to businesses inside of the mall

Maple Ridge's Doug Ubell caught some photographs recently that he was anxious to share, one taken while on the Trans-Canada Trail looking southwest towards the Pitt River Bridge, and another from on Golden Ears Bridge. (Special to The News)
Traffic on Golden Ears Bridge returning to pre-pandemic levels

Commuters from Greater Vancouver still driving more, taking transit less

Kao Macaulay has been charged in relation to a home break-in on March 30 in Abbotsford in which five kittens were stolen. (Facebook photo)
‘Prolific offender’ charged with theft of 5 newborn kittens in Abbotsford

Kao Macaulay, 23, is accused of breaking into home on March 30

Facebook screenshot of the sea lion on Holberg Road. (Greg Clarke Facebook video)
VIDEO: Sea lion randomly spotted on remote B.C. logging road

Greg Clarke was driving home on the Holberg Road April 12, when he saw a large sea lion.

Most Read