TORONTO – So far this year government bodies, retailers and millions of everyday web users have been the target of cyber-attacks.
In September, 56 million Home Depot customers in Canada and the U.S. were affected by a data breach that stemmed from malicious software designed to steal credit card information. Five months prior to that, 900 social insurance numbers were stolen from the Canada Revenue Agency’s website by a hacker exploiting the Heartbleed bug.
And those are just some of the most high-profile examples.
But a new study from the Pew Research Center suggests the worst could be yet to come.
Pew asked 1,642 experts the question, “By 2025, will a major cyber-attack have caused widespread harm to a nation’s security and capacity to defend itself and its people?”
Sixty-one per cent of experts answered yes, while 39 per cent said no.
Those who answered ‘yes’ said attacks could come in the form of pranksters who find ways to disrupt the “Internet of things” by hacking web-connected home appliances, or something as serious as cyber terrorism.
READ MORE: Cyber-attacks an ongoing threat to business
However, most agreed that everyday web users and businesses continue to be heavily targeted.
“There was considerable agreement among these experts that individuals could be more vulnerable and businesses could persistently be under attack,” said Lee Rainie, co-author of the report and director of the Pew Research Internet Project.
“They said essential utilities are a vulnerable target and theft and economic disruptions could be substantial.”
The findings may seem alarmist to some, but cyber security expert Tamir Israel said Pew’s study highlights the reality of the digital age.
“We have a lot more information moving online and there is great value in that information,” said Israel, who works as a staff lawyer at the Canadian Internet Policy and Public Interest Clinic.
“There is a dollar figure on this information.”
Israel added it’s inevitable that we see a gradual increase in cyber-attacks, largely due to the way our technology has advanced.
Historically, information was stored on physical devices, which meant data breaches often occurred after someone misplaced a hard drive with user information on it. But as we move into a world where all of our information is stored in online databases, it becomes more accessible to skilled hackers.
The tricky part is most of the onus to protect that data lies on the company storing it.
Israel said this is why there needs to be a better focus on online security as a whole.
“There are going to be ways in which we do things much more securely than we do now,” he said. “We are going to have to start doing security a lot better.”
A number of experts in Pew’s study pointed out the potential for an increase in cyber terrorism.
“Cyber-attacks will become a pillar of warfare and terrorism between now and 2025. So much of a country’s infrastructure – commerce, finance, energy, education, health care – will be online, and gaining control of or disrupting a country’s online systems will become a critical goal in future conflicts,” Joe Kochan, expert with US Ignite, said in the study.
Others pointed out as crucial services like power grids, water systems and even things like traffic lights move to online control systems, major cities could become targets for web-warfare.
But though the threat of cyber terrorism is real, Israel argues these kinds of attacks aren’t likely to take place any time soon.
“This isn’t new – we’ve been hearing this for a good five to 10 years now,” he said.
“It’s conceivable, but there aren’t as many targets that are accessible right now.”
Instead, we should be worried about hackers targeting the Internet of things, he said.
“Things like driverless cars that are connected to a network… that’s where we might have to worry,” said Israel. “And it doesn’t have to be a terrorist, it could be a prankster.”
Is there anything users can do to protect themselves?
While high-profile cyber-attacks may be out of the realm of things we can control, users can protect themselves from smaller breaches by practicing due diligence with online security.
Israel encourages people to practice good “data hygiene,” by using secure passwords and educating themselves about encryption practices.
Additionally, the expert suggests that people subject themselves to a credit check once a year to make sure no unauthorized accounts have been opened in their names.
“It could be an early sign that someone got a hold of something like your social security number and started an account in your name,” he said, adding that victims of identity theft who had their information stolen online may not see the signs until months later.