Investments needed in Atlantic Canadian provinces for cybersecurity, training: experts

Click to play video: 'Bolster cybersecurity investments, training: experts'
Bolster cybersecurity investments, training: experts
A new report says Atlantic Canadian companies and governments are lagging behind the national average in cybersecurity investments. With digitalization increasing and recent hacks to the City of Saint John and Newfoundland and Labrador's healthcare system, some experts say increasing threat risks means more investment and training is needed. Callum Smith reports – Jan 26, 2022

As Canadians spend more time online these days, it’s important to be aware of online risks and cyberattacks.

A new report by the Atlantic Provinces Economic Council (APEC), a Halifax-based think tank, says firms in the region are trailing in cybersecurity investments.

“Compared to the national rates, we’re behind,” says Patrick Brannon, a senior researcher for APEC. “About 12 per cent of Atlantic Canadian businesses are really adopting cybersecurity technologies. This was in 2019. Nationally, about 14 per cent. So, it doesn’t sound like a big gap, but it’s still important.”

Brannon says while bigger firms have more at stake, smaller companies aren’t immune to cyberattacks. And while the smaller organizations might not have big IT budgets, cybersecurity needs to be factored into operations.

“They need to start to dedicate some resources to cybersecurity, whether that’s working with a consultant to understand what they need to do or working with an IT organization that can give them that extra layer of security, I think it’s really important because even small companies can see pretty massive losses,” Brannon says.

Story continues below advertisement

David Shipley, the CEO of Beauceron Security and a cybersecurity expert, says Canadian businesses spend about $7 billion per year on cybersecurity, but that’s not enough.

Breaking news from Canada and around the world sent to your email, as it happens.

“It’s a time when business is being asked to step up because the threat environment has become so much more hostile,” he says. “It has dramatically outpaced our perceptions as business leaders as to what the actual risk is.”

But while investments are important, cheaper steps such as implementing multi-factor authentication and training employees to “detect, spot and report” phishing emails need to be focused on too.

He says there’s been a 350 per cent increase in ransomware attacks in 2021 compared with 2020.

A November 2020 hack shut down the Saint John municipal website, and Newfoundland and Labrador’s health-care system was brought to a standstill about three months ago.

Both jurisdictions opted for a rebuild with help from backed-up data, but Shipley says many victims paid.

“Nearly half of ransomware victims paid,” he says. “Crime, for a lack of a better word, crime paid last year.”

Story continues below advertisement

“And so they’re reinvesting and they’re going to see what they can pull out of us this year, and so we’re going to have to up our defences.”

Meanwhile, the Better Business Bureau is warning people about an “Instagram hijacking scam,” with accounts that might appear to be a friend or follower sending you a message.

“The person asks you to maybe take a survey to help them out with this new job that they got or they may even just be messaging you to say, ‘Hey, check out this cool video,'” says Kristin Matthews, the marketing and communications manager for the Atlantic branch of the Better Business Bureau. “But what actually is the case is your friend’s account has actually been hacked and it’s a scammer messaging you to try and hijack your account.”

To regain account access, she says, you likely would be asked to film a video or post that you’re investing in cryptocurrency and prompt followers to do the same. It’s not clear if your account would be turned back over, but the scammer could be contacting your followers in the meantime.

She says strong password protections are important and that you shouldn’t click any links that might be harmful.

If you’re unsure, Matthews says to contact the person who messaged you outside of Instagram.

Sponsored content