logo
ENFRع
#

Latest news with #CanadianBusinesses

OPINION: Why 'least privilege' is Canada's best defence
OPINION: Why 'least privilege' is Canada's best defence

Yahoo

time20-06-2025

  • Business
  • Yahoo

OPINION: Why 'least privilege' is Canada's best defence

Microsoft just hit a record high of 1,360 reported vulnerabilities in its software last year. While that number might sound scary, it's part of a trend we've seen for years. The real problem lies in what's behind the numbers and what they mean for Canadian businesses trying to stay secure in a fast-moving world. As BeyondTrust's latest Microsoft Vulnerabilities Report reveals, one type of security risk is especially alarming: elevation of privilege (EoP). This category made up 40 per cent of Microsoft's total reported vulnerabilities in 2024. That's not just a statistic; it's a wake-up call. What's elevation of privilege and why should Canadians care? Imagine someone finds a way to break into your office using a stolen key card. That's what an elevation of privilege attack is like in the digital world. Once inside, hackers can quietly move through your systems, taking control of sensitive data or expanding their access without being noticed. These attacks often begin with compromised credentials, sometimes even from non-human identities like service accounts. The problem snowballs from there. We've seen it over and over in major data breaches: attackers find one weak point, then jump from system to system. And Microsoft isn't the only target. If 40 per cent of their vulnerabilities are EoP-related, imagine how many other software platforms that Canadian companies rely on could also be vulnerable. The rise of security feature bypass attacks Another disturbing trend is the spike in security feature bypass vulnerabilities, up 60 per cent since 2020. These are loopholes hackers use to get around built-in protections in tools like Microsoft Office and Windows. Think of these bypasses as digital 'unlocked doors.' If an attacker finds one, it doesn't matter how strong your locks are, they're walking right in. Tools like EDR (endpoint detection and response) are meant to stop threats, but attackers are finding ways around them too. We've seen the rise of tools like EDR Killer that are designed specifically to sneak past these defences. Why Canadian companies can't rely on just one layer of security Some businesses still make the mistake of thinking one product or platform will keep them safe. But cybersecurity isn't about one silver bullet. It's about layered defences, also known as 'defence in depth.' For example, if a patch causes problems or breaks other tools, companies might delay applying it. But that delay gives attackers a window of opportunity. The better approach? Have multiple layers of protection in place, especially for front-line systems and high-risk assets. Microsoft Edge: The new problem child? One surprise in this year's report was the jump in Microsoft Edge vulnerabilities. Critical issues rose from 1 to 9 and total vulnerabilities increased from 249 to 292. Has Microsoft shifted its focus too much toward Azure and Dynamics 365? It's a question worth asking, especially when everyday tools like browsers are often the first entry point for cyberattacks. AI brings new benefits and new risks Artificial Intelligence (AI) is transforming how businesses operate, but it's also opening the door to new threats. Microsoft Copilot Studio and Azure Health Bot, for instance, were flagged for AI-related vulnerabilities in this year's report. AI is already being used by threat actors to automate attacks, identify weaknesses faster and even write malicious code. We haven't yet seen a large-scale attack where an AI or large language model (LLM) becomes the main infection point, but that day is coming. The biggest question on the horizon: can we trust the output from AI tools? What if the answers, code or insights we get from AI are secretly manipulated by a hacker? Canadian companies need to think about how to secure not just their AI tools, but also the data and systems that feed them. AI security can't be an afterthought; it must be built into every layer of your defence strategy. The power of 'least privilege' in a 'zero-trust' world One of the most effective ways to reduce risk is by applying the principle of 'least privilege.' It's not a new idea, but it's more important than ever. 'Least privilege' means giving every user—human or machine—only the access they absolutely need to do their job. Nothing more. If someone doesn't need admin rights, don't give it to them. If a service account only needs access to one system, don't let it roam freely. This approach limits the damage if (or when) something goes wrong. It's also a key part of a 'zero-trust strategy,' which assumes no one and nothing should be trusted automatically, even if they're already 'inside' your network. In fact, many organizations confuse 'zero trust' with 'least privilege.' The difference is that 'zero trust' is the overall strategy, and 'least privilege' is a tactical way to enforce it. A practical step Canadian companies can take right now? Audit your users and systems. Who has access to what and why? You might be shocked by how many people or services have more access than they actually need. Identities are the new perimeter Cybersecurity used to be about building firewalls around a company's data centre. But in today's world of cloud apps, hybrid work and global supply chains, identity is the new perimeter. Attackers are no longer just looking for software flaws. They're targeting people, especially those with access and privileges. That includes your employees, partners, contractors and even automated systems. That's why privilege access management (PAM) and identity-first security strategies are so critical for Canadian businesses. These approaches don't just monitor threats; they help stop them at the source by locking down who can do what, where and when. The bottom line going forward Cybersecurity isn't about being perfect; it's about being proactive. You can have 99.9 per cent of your environment locked down, but if there's a .01 per cent vulnerability, that's all an attacker needs. Canadian organizations need to shift their mindset from reactive to proactive. That means applying patches smartly, layering defences, adopting AI cautiously and putting 'least privilege' at the heart of your security program. Because when it comes to protecting your business, every identity and every privilege matters. Dan Deganutti is the senior vice president and country manager for Canada at BeyondTrust, where he leads the company's Canadian go to market (GTM) operations and fosters relationships with clients and business partners. This section is powered by Revenue Dynamix. Revenue Dynamix provides innovative marketing solutions designed to help IT professionals and businesses thrive in the Canadian market, offering insights and strategies that drive growth and success across the enterprise IT spectrum. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data

Accept/Pay Global launches real-time payments with Interac
Accept/Pay Global launches real-time payments with Interac

Finextra

time16-06-2025

  • Business
  • Finextra

Accept/Pay Global launches real-time payments with Interac

Accept/Pay Global (APG) today announced the launch of its Real-Time Payments with Interac product, enabling businesses across Canada to send and receive payments instantly and securely using Interac e-Transfers. 0 This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author. Enterprise customers and financial platforms looking to streamline collections and disbursements can now integrate with our API to deliver speed, convenience, and reliability in payments. The solution is now available to all Canadian enterprises, with a particular focus on high transaction volume use-cases in lending, earned wage access, and insurance. Gajen Pararajalingam, COO of Accept/Pay Global said, "Real-time payments are table stakes for delivering superior customer experiences - whether you're funding a loan, processing payroll, or settling claims. Our Interac-powered solution allows clients to move funds instantly to any Canadian bank account, securely and at scale." The Real-Time Payments with Interac product is designed to support: Instant loan disbursements for online and alternative lenders Real-time payroll and earned wage access (EWA) programs for on-demand payments Claims and customer payouts for insurance providers Faster B2B settlements and vendor payments Accept/Pay Global's API-driven platform enables seamless integration of real-time payments into existing business systems — supporting full audit trails, reporting, and automated reconciliation. Key Benefits: Instant Payments to any Canadian bank account via Interac Enterprise-grade API integration for automated payouts at scale 24/7/365 availability, including evenings, weekends, and holidays Real-time visibility into payment status and delivery Built-in compliance and fraud monitoring for regulated industries "With Accept/Pay Global's Real-Time Payments with Interac, our clients can give their customers exactly what they expect — instant access to funds," added Gajen. "We're excited to help businesses modernize their payment infrastructure and unlock new competitive advantages." Real-Time Payments with Interac is now live and available to Accept/Pay Global customers across Canada. The solution is offered as a standalone API product or as part of APG's broader electronic funds transfer (EFT) and digital payments platform.

DOWNLOAD THE APP

Get Started Now: Download the App

Ready to dive into a world of global content with local flavor? Download Daily8 app today from your preferred app store and start exploring.
app-storeplay-store