High-profile cyber incidents involving Canada’s financial intelligence unit FINTRAC, the RCMP and Global Affairs Canada since the start of the year are not isolated cases, experts warn.
They’re part of a rise in criminal cyber activity experts say is driven by tools to commit illicit acts becoming cheaper and easier to use and by insufficient cyber defences.
They warn the number and severity of attacks will keep getting worse.
“We see more data breaches, we see larger data breaches happening more often,” Canada Security and Privacy Research Chair Natalia Stakhanova said from Saskatoon.
She specified that cybercrime is not a new issue but the recent activities are “an indication that the level of the defences and protection we have in organizations is lacking.”
FINTRAC, the Financial Transactions and Reports Analysis Centre of Canada, on Sunday shut down some of its systems after experiencing a “cyber incident.”
The RCMP was hit by a “cyber event” two weeks ago, and launched a criminal probe as a result.
Global Affairs Canada saw its networks compromised in January, with an internal email seen by Global News referring to it as an “unauthorized access to personal information of users including employees.”
Oil giant Suncor reported a cyberattack last July, another cyber “incident” shut down the Toronto Public Library for months, half of B.C. businesses say they’ve been hit by cyberattacks, the Toronto Zoo had employees’ personal information stolen, and, among many other events, the City of Hamilton on Monday confirmed a ransomware attack.
“The more we rely on technologies, the more we will have these attacks,” said Saqib Hakak with the Canadian Institute for Cybersecurity, and University of New Brunswick professor.
“With more automation, with generative AI, it’s going to be much more in coming years,” he added.
Cyber criminals range from states like Russia, China or North Korea, along with those acting on their interests, according to a report from the Communications Security Establishment (CSE), Canada’s cyber watchdog. It can also include hacker friends trying to outdo each other, according to Hakak, and can steal personal financial information or state secrets, depending on who they target.
He said it can be difficult to determine who committed the act, partially because companies and agencies tend to not release details about the data leak or whatever the case may be to best maintain credibility.
Get daily National news
Hakak said artificial intelligence (AI) is making it easier for them to target more people.
“It was kind of work for a cybercriminal to, for example, write a fake story or write a fake email, a phishing email and send it,” he said.
“But now it’s just a matter of seconds, right? You just open ChatGPT: ‘Hey, you know, create a fake story for me.’”
“Right now we are talking through Zoom, right?” he asked Global News.
“How do you know it’s me? It can be my deep fake.”
Stakhanova said new techniques and rise in cyber events shows those committing them are successful and “clearly getting good payoffs.”
She pointed to Canada’s “quite vague” cyber and privacy regulations as another cause of the increase.
Without more prescriptive rules around, for example, companies purging SIN numbers for old employees, cyber criminals can access more people’s personal information.
She said that’s what could make places like zoos appealing targets.
“The government really needs to put strict regulations in place so the Canadians don’t have to be kind of watching over their shoulder all the time,” she said.
Global News asked the CSE whether any more Canadian government agencies had suffered cyber disruptions and how it is preparing the country for more cyber events.
In a statement, the Canadian Centre for Cyber Security, part of the CSE, said, “If we find malicious activity, we take action to thwart it.”
“This year, our automated defenses protected the Government of Canada from 2.3 trillion malicious actions, an average of 6.3 billion a day,” it stated.
And it said ransomware is a persistent threat and the most disruptive form of cybercrime, that critical infrastructure is increasingly at risk from cyber threats and that it regularly publishes guidance.
Stakhanova and Hakak said not having stronger guidelines puts the burden on Canadians, who should practice “cyber hygiene.”
Regina-based cyber security expert Brennen Schmidt said multifactor authentication instead of just relying on usernames and passwords can help Canadians stay secure.
“Perhaps more importantly, making sure that there’s a different and unique password for every single one of the services that you use, and maybe even administered by something like a password manager… are some really quick wins that I think that everyday folks can employ.”
Comments