Cyber Centre again warns Canadian firms not to ignore cybercrime

Canada’s leading cybersecurity agency has again warned IT managers, corporate leaders and residents of the risks of not being prepared for cybercrime.

In what it calls a Baseline Cyber Threat Assessment on Cybercrime, the Canadian Centre for Cyber Security said today that cybercrime “will very likely pose a threat to Canada’s national security and economic prosperity over the next two years,” with ransomware “almost certainly the most disruptive form of cybercrime facing Canada.”

Fraud and scams will be the most common form of cybercrime that Canadians will see over the next two years, the report says, as cybercriminals attempt to steal personal, financial, and corporate information online.

That conclusion is identical to that in the biannual National Cyber Threat Assessment released last October, which said cybercrime “continues to be the cyber threat activity most likely to affect Canadians and Canadian organizations. Due to its impact on an organization’s ability to function, ransomware is almost certainly the most disruptive form of cybercrime facing Canadians.”

While the more detailed National Cyber Threat Assessment deals with all types of cyber threats, including those from nation-states, this latest baseline report is strictly about cybercrime.

Still, it brings in the role of other countries, declaring that “Russia and, to a lesser extent, Iran, very likely act as cybercrime safe havens from which cybercriminals based within their borders can operate against Western targets. We assess that Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals and allow them to operate with near impunity. They do so as long as cybercriminals focus their attacks against targets outside of the Commonwealth of Independent States (CIS). The CIS currently consists of Russia, Belarus, Moldova, Armenia, Azerbaijan, Kyrgyzstan, Kazakhstan, Tajikistan, and Uzbekistan.”

The baseline cybercrime report may be of particular interest to non-technical readers such as corporate managers, in that includes a brief history of cybercrime, and definitions of phishing, trojans, botnets, exploit tools and more.

It also reminds small and medium-sized businesses that they, too, are in the cross-hairs of cybercrooks who may target them in hopes of avoiding high-profile attacks that attract the attention of police and politicians.

It also reminds organizations that while business email compromise — a category of attacks where a crook by email persuades an employee to change the bank account where regular payments go to one controlled by the scammer — is very likely more common and costlier than ransomware to victims, ransomware is almost certainly the main cybercrime threat to the integrity of the IT systems of the nation’s critical infrastructure. And critical infrastructure basically includes every organization outside retail.

The report also reminds readers that ransomware gangs spread their attacks widely rather than focus on a few sectors. Last year, the biggest target in Canada was the manufacturing sector, accounting for 18 per cent of attacks, followed by business and professional services firms (14 per cent).

Ransomware graphic from Canadian Centre for Cyber Security 2023 cybercrime report
Canadian ransomware victims 2022 by industry sector.

Ransomware gangs want to extort money, steal intellectual property and proprietary business information, and obtain personal data about customers, the report notes.

It notes that cybercriminals are likely to continue compromising managed service providers (MSPs) – companies that host and manage customers’ IT resources. And it reminds readers that internet-connected operational technology (OT) systems that run factories, energy pipelines, and farm systems, are also possible targets.

“So long as cybercriminals can extract financial profit from Canadian victims, they will almost certainly continue to mount campaigns against Canadian organizations and individuals,” the report concludes. “Moreover, cybercriminals continue to show resilience and an ability to innovate their business model to remain profitable.”

As cybercrime activity continues to rise, Canadians must take the necessary measures to mitigate the risks, Sami Khoury, the head of the Cyber Centre, said in a statement. “The good news is that even the most basic cyber security measures can help prevent cyber incidents. We encourage Canadians and Canadian organizations to engage with us to obtain trusted advice and guidance on cyber security. Collaboration at all levels is key as we work to minimize the impacts of cybercrime in Canada.”

The Cyber Centre advises both the federal government and businesses on cybersecurity. It’s a branch of the Communications Security Establishment (CSE), which is responsible for securing federal IT networks and communications. The CSE is part of the Department of National Defence.

Want guidance on how to fight cybercrime? The Cyber Centre has this site where IT pros can search for particular advice.

For starters, there are reports on foundational cyber security actions for small organizations, security considerations for websites, and how to prevent and recover from ransomware. There’s also a ransomware playbook for defenders.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs