If critical infrastructure is Canada’s newest vulnerability to watch in the 21st century, then cyberattacks are Canada’s biggest threat to watch.
The term cyberattack covers a large number of different threats related to computers. It describes anything from spyware which passively watches anything an infected computer does, to ransomware, which threatens to destroy the compromised system unless the attacker is paid.
Despite this variety, all cyberattacks share these traits: they are inexpensive and low-risk means of targeting critical infrastructure, but can still cause massive damage if they are successful.
Unfortunately, the world is not taking this threat seriously. According to the World Economic Forum, approximately $84 billion USD was spent worldwide to prevent cyberattacks from taking place in 2016. In comparison, successful cyberattacks caused a stunning $2 trillion USD in damages!
No single attack emphasizes how disastrous successful cyberattacks can be than the WannaCry cyberattack from this May. A single cyberattack managed to compromise the computers of important services worldwide. The UK’s National Health Service, China’s National Petroleum and Russia’s interior ministry are just a few examples of important organizations that were paralyzed during the four days it took to handle the threat!
While Canada managed to avoid WannaCry, this was mostly thanks to luck. Wannacry lacked a particular target and just indiscriminately attacked computers worldwide.
In today’s threat environment, this will not always be the case, as Canada is the explicit target of many cyberattacks!
According to VICE News, Canada is targeted by at least 25 different coordinated cyberattacks every day, many of which target critical infrastructure or valuable private sector targets.
Worse yet, cyberattacks are steadily growing bigger and attacking higher priority targets. For example, the Bank of Canada’s annual cybersecurity review showed that it had received 15 million infected emails in March 2016 alone!
These attacks show no indication of stopping either. For example, the Communications Security Establishment has released credible warnings stating that foreign states are planning to interfere with our federal elections in 2019 by gaining key information through cyberattacks!
Knowing that these threats are coming our way, we must be prepared to deal with these threats.
Currently, Canada is not even close to being able to handle cyberattacks, mostly because both the public and private sectors are not adapting to this threat!
According to a Deloitte survey, only 9% of Canada’s organizations from both the public and private sector can be considered highly secure against cyberattacks. Further, 68% of Canada’s organizations lack the ability to recover from successful cyberattacks!
This is only made worse by the fact that our government has been incredibly slow to adapt as well. We are still using the same cybersecurity strategy that we are using in 2010, despite the fact that the technology, strategies and defence tactics related to cyberattacks have all completely changed since that point in time!
While both Public Works Canada and the Department of National Defence have recently held consultations to update our cybersecurity system, the fact remains that we are still using a 7 year-old system! There is a need for immediate change.
Please look forward to my next blog, as I conclude on this topic by discussing a few steps that Canada can take to secure itself against cyberattacks!