Advertisement

Cybersecurity expert believes Saint John should be more open about cyber attack

Click to play video 'Cyber security tips to avoiding scams' Cyber security tips to avoiding scams
We are all spending more time online these days and it's important to know how to protect yourself from potential scams. Ryan Vestby from CompuVision joined Global News Morning Edmonton to share some tips to stay secure online – Dec 21, 2020

A cybersecurity expert believes the City of Saint John could be more forthcoming with information about a cyberattack that crippled its IT network two months ago.

The ransomware attack on Nov. 13, 2020, forced the disabling of the city’s website, online payment systems and other network infrastructure. Temporary systems have allowed the website and some programs to return.

John Collin, Saint John’s city manager, provided an update to Saint John Common Council on Monday. He said the penetration of the virus into the network was “extensive,” and because of that, he said the city will build a brand new network rather than try to fix the old one.

Read more: New Brunswick city rebuilding its IT system after major cyber attack in November

Collin said he would not provide specific information about what parts of the network have been impacted by the attack, although he reiterated a previous statement that residents’ personal information appeared to be safe.

Story continues below advertisement

Richard Rogerson, managing partner of cybersecurity firm Packetlabs Ltd., said he’s pleased with Saint John’s handling of the situation so far.

But he said it’s concerning the City is not being more open about the nature of the attack.

“Why were they hesitant about sharing information about what systems were impacted because of the fear of copycat?” Rogerson asked.

“To me, that means there is something that is very insecure in the (network) environment and that kind of worries me.”

Rogerson said officials need to be as transparent as possible about what happened, including how the virus entered the system and what areas were affected.

Read more: Saint John’s recovery from cyberattack to stretch into 2021

Collin stressed Saint John had not paid a ransom, and would not do so without the approval of Common Council.

Rogerson said no community should pay a ransom because they are simply funding the hackers as they identify their next targets.

The cyber attack has not stopped others from attempting to corrupt the system.

Collin said the city’s security team had identified 13,000 suspicious and malicious emails sent to users of its network in the last three weeks.

Story continues below advertisement
Click to play video 'Saskatchewan eHealth ransomware attack called one of province’s largest privacy breaches' Saskatchewan eHealth ransomware attack called one of province’s largest privacy breaches
Saskatchewan eHealth ransomware attack called one of province’s largest privacy breaches – Jan 8, 2021