Cyber threats accelerating in Canada and around the world
For years now, our spam folders have been filled with emails from so-called relatives or royalty offering us inheritances. There are offers of gift cards from our favourite retailers, banks claiming our accounts have been compromised, and any number of product offerings for things that would make Grandma blush. We’re so used to it that we think we’re safe from cyber crime. Think again.
Cyber attacks and cyber crime have risen exponentially in the last two years. People and organizations are vulnerable to crimes that drain bank accounts, steal personal information, and paralyze enterprises with alarming ease. Just last month, Winnipeg’s Winpak Ltd. was the victim of a ransomware attack, knocking out its systems for three weeks. Tire company Bridgestone is still recovering from a cyberattack impacting its North American operations in February. Last fall, the Toronto Transit Commission was hit with ransomware, as was Calgary’s Ronmor Holdings. As of December 2021, Canada saw 235 ransomware attacks—and those are just the ones that were reported, according to Canada’s Communications Security Establishment.
Rising risk
A new report from Virginia-based Financial Services Information Sharing and Analysis Center (FS-ISAC) has found that high-profile cyber-attacks have risen dramatically. FS-ISAC, the only global cyber intelligence sharing community solely focused on financial services, found that several high-profile third-party incidents “have impacted the security and availability of products and services used by many financial firms, resulting in significant resources expended.”
As well, the report noted that cyber criminals are getting more sophisticated as they specialize in different stages of cybercrime. This new specialization makes it simple to buy and sell access to vulnerabilities without the knowledge needed to find them. Plus, ransomware groups operating in so-called safe-haven countries simply shut down temporarily to avoid international law enforcement and then reopen months later with new names and little to no repercussions. FS-ISAC’s member firms also reported significant levels of phishing and business email compromise—the entry point for most attacks—and persistent malware strains used for ransomware.
“The macro-level cyber landscape translates into increased cyber threat activity on a daily basis, as cybercriminals are endlessly inventive in how they gain access and leverage to extort victims,” said Teresa Walsh, global head of intelligence at FS-ISAC, at the release of the report. “Phishing schemes continue to be one of the most popular tactics threat actors use to access networks. In fact, twenty-four percent of FS-ISAC member-reported incidents are phishing campaigns targeting employees.”
Closer to home
Another recent report by Aviva Canada, the Risk Insights Report, found that cyber security and cyber risks are the second-most identified risks among Canadian businesses surveyed for the report, just behind public health events. As the business world becomes more digitized with cloud-based computing, digital supply chains and online financial services, the entry points for cyber criminals have also increased.
Nearly 30 per cent of business leaders reported that cyber risks are their biggest risk, with 47 per cent of leaders in the large commercial category naming cyber security as a bigger risk than public health events. Business leaders are not only concerned about attacks themselves, but also the damage inflicted on relationships with customers and their company’s reputation.
“The pandemic has fueled an unprecedented adoption of technology and digital assets, making cyber security more important than ever. Responses to cyber incidents need to be timely and coordinated. They require experts for incident management, and specialists that can also help the business learn from the incident and proactively shore-up defenses. All this takes top technical talent, something not all businesses have in-house. Cyber insurance is a vital part of a company’s cyber security strategy. It ensures you have the resources to protect yourself if and when an incident occurs,” said Zoey Todorovic, chief information officer at Aviva Canada, in the report.
Losing more money
Not only are businesses being targeted more, they are also losing more money to criminals. The cybersecurity firm Palo Alto Networks reported last year that ransomware attacks cost Canadian businesses an average of $458,247. As well, 58 per cent of victims reported paying the ransom when demanded, and 14 per cent paid more than once. Organizations also lose more money when it comes to recovering from an attack. The same report, the 2021 Palo Alto Networks Canada Ransomware Barometer, found that 58 per cent of ransomware victims said it took a month or more to recover, 29 per cent reported recovery took more than three months, and nine per cent said it took five to six months to recover.
Be careful out there
In today’s wired world, vigilance is the first step in protecting yourself and your company’s assets. There are simple ways to help prevent falling victim to cyber crime. Get Cyber Safe is a Government of Canada initiative to promote cyber security for people and organizations, and provides advice on how to protect yourself. According to Get Cyber Safe, every company needs a cyber security plan with procedures “for everything from day-to-day operations to emergency cyber security situations.” Employees should be trained in cyber security practices to better protect themselves and the company from online threats. Access to accounts and sensitive information should only be provided to those who need it. Technology like antivirus software, password managers and virtual private networks should be deployed for additional security, and organizations need to stay up to date with software patches. In addition, cyber insurance can help protect companies experiencing data breaches, cyber attacks, extortion and more.
As well, users should never click on unknown email links or attachments, and never open email from addresses they don’t know. Ask questions and be cautious. Remember that social media is a playground for criminals looking for victims, so don’t overshare personal information on platforms. Cyber criminals are also good at making email, social media accounts and websites look credible—exercise vigilance always. All it takes is one wrong click.