Helping organizations guard against cyber crime
By Cheryl Long
It could be something as simple as a USB stick found lying in the office foyer. Cyber crime is stealthy and it’s malicious and it’s everywhere. Could your business be at risk?
As technology continues to advance at a breakneck pace, businesses need to identify their high risk areas and then learn how to best protect themselves from attacks that are difficult, if not impossible, to predict.This is where NCI comes in. Founded in Toronto in 2000 by a team of IT professionals who wanted to provide a full range of cyber security services and solutions, today NCI is successfully securing the vital information and data owned by hundreds of public and private sector clients across Canada.
NCI first set out to help organizations strengthen their security by installing third-party products and providing follow-up support, said President & CEO Danny Timmins. As the business grew — increasing from three to about 50 employees today — they developed a managed service around those products and then introduced consulting services that focused on assessment work in a cyber security environment. The third piece of the business saw NCI become a Payment Card Industry (PCI) organization, which allows them to audit businesses for the use of credit cards. Those three entities still make up NCI’s business model and continue to grow, Timmins said.
“One of the most difficult things for organizations to really understand is what their baseline is, how secure are they,” he explained. “We’ve developed a product that focuses on a cyber security framework and we’ve put it into a format that an executive or a CIO can look at and determine where their weaknesses are.”
Data breaches can cost millions
Cyber crime is a serious issue for businesses, governments and citizens alike. Earlier this year, the United States issued an executive order that would expand the government’s ability to respond to malicious cyber attacks through financial sanctions. President Barack Obama called cyber threats “one of the most serious economical and national security challenges to the United States…” Whether it’s a data breach, phishing attack or any kind of tampering, cyber security crimes are not only invasive but can have devastating and long-term effects. The financial implications are some of the most shocking. According to a study released earlier this year by the Ponemon Institute, a research centre based in Michigan, the average consolidated total cost of a data breach in Canada was $5.32 million. Most of that cost was a result of lost business following the breach. NCI has locations in Mississauga, Ottawa and Montreal, and additional satellite offices in Vancouver, Sydney, NS and St. John, NB. Thanks to the company’s focus on their clients’ needs, innovation and solution-driven thinking, the company has built a solid client base that has seen repeat business from 79 percent of their top 200 clients over a four-year period. Those clients span a wide range of sectors, including municipal government, law enforcement, health care, education, tourism and finance.
“We have won a lot of large enterprise business in the last two years,” Timmins said. “We’ve always, as a business, wanted to do very high quality work. What we’ve found is that it’s starting to come back to us; we’re finding that we’re getting a much larger piece of the pie.”
One of their key business offerings falls under managed and cloud services, which are frequently outsourced by clients. Managing cyber security products can be difficult for many companies, in terms of both manpower and knowledge, Timmins said. NCI can oversee everything from firewalls to the content that’s coming in and out of the organization, ensuring a level of security designed to mitigate risk. Since NCI is not affiliated with any particular vendors, they’re able to assess each client’s needs and then provide the technology that offers the best solution without being tied to a particular line of products.
Red Teams launch ‘attacks’
One of the most illuminating services NCI provides is carried out by the company’s “Red Team”. Made up of highly qualified cyber security employees, the team launches a planned cyber attack on a company in hopes of revealing where the organization is weakest. The exercise goes beyond traditional penetration testing, using physical, digital and social engineering attack vectors in an attempt to compromise the company and gain access to high-value assets without being detected.
The attack can stem from something as seemingly innocent as a phone call from one supposed employee to another, asking for a password to replace one that was lost or forgotten. Sending out emails that ask for user names and passwords because the company is “upgrading their servers and lost employee data” is another way to test security. NCI will even work onsite, trying to assess how easily one of their team members can gain entry to the business and access protected information. They may even toss a few USB sticks infected with malware on the floor, knowing that at least one person may pick it up and use it in their computer. Ultimately, NCI is tasked with finding the holes within a business and then determining the best ways to plug those holes.
At the end of the assessment, each client is provided with a roadmap that offers clear direction on where to allocate resources and funding for maximum cyber protection. Because cyber security is so extensive, it’s important for companies to focus on areas that will deliver results. The roadmap paints a picture that makes it easier to both understand and support the need for spending on cyber security efforts.
Giving back is a priority
Though the company has a strong mandate to meet their clients’ needs by combining third-party solutions, training and proactive security services, NCI also feels strongly about contributing to their communities. In fact, giving back is considered one of the organization’s core values. They support a number of different charitable groups, including the True Patriot Love Foundation, the Peel Children’s Aid Foundation, Covenant House, Cadets Canada and the Mississauga Food bank, among others. Last year, they introduced a program that matches employee charitable donations up to $100 per person.
The commitment to supporting various groups and foundations speaks to some of NCI’s values — passion, integrity, being respectful, fostering leadership qualities and encouraging a sense of responsibility.
“We seem to get better every year at finding ways to go back to our communities and try to do things that are of value and are giving back. It’s something that connects the business and connects the team, but it’s also a great thing to do. You feel really great about it.”
To learn more about NCI and protecting your company from cyber crime, visit www.nci.ca.