Reports

Serious Cyber Threats Affecting Canada

______________________________________________________________________________________________

      Since January, Canadians have been hearing a lot in the media regarding waves of cyber attacks that have been targeting Canadian government departments, such as the Department of Finance, and the Treasury Board. But the government is not the only organization being targeted and affected by these cyber criminals. So are Canadian companies, and even Canadian citizens.

     A 2010 study by Rotman-Telus showed that, in 2010 alone there were 9 publicly traded companies with network security breaches, 12 privately own companies, and 23 Government network security breaches. These numbers are unprecedented, especially considering that cyber attacks on Canada have more than quadrupled since 2008. Refer to graph below.

     The Government departments hit by the attacks were the Department of Finance, the Treasury Board, and Defense Research and Development Canada. The attackers were able to gain accesses to these networks using spear phishing attacks on senior government officials. While these departments say no vulnerable information was stolen, CSIS stated in their latest annual report that, “These actors pose a growing threat to national security as they target government, business, educational and private computer systems to acquire technology, intellectual property, military strategy and commercial or weapons-related information, as well as details of national strategies on a variety of domestic and foreign issues.”

     The attacks on the private sector are also a great cause for concern. This is because, if the attackers get their hands on company secrets, they then can turn around, go to another company in a different country and sell this information to them. This gives the foreign companies a foothold over the Canadian companies, which may intern effect the Canadian economy in a negative way. The two largest companies hit by these attack were, the World Anti-Doping Agency, and the Canadian information-technology company.

     Spear phishing is not the only form of cyber threats effecting Canada to day. On January 27, 2011 the Bruyere Family Medical Centre in Ottawa announced that in October, there were two computers containing personal information of over 60,000 patients stolen from the center. The information included dates of birth, health card numbers, and even addresses and telephone numbers. If the thieves wanted to utilize the information, they would be able to use a patient’s health card number that they have access to on these stolen computer, and access medical services under that patients name. This means that in theory they would be able to sell this information, your information to anyone who may want to buy it. This is just one example of constant cyber attacks effecting Canadians, there are instances such as credit card fraud that happens in a large scale in the cyber world all the time.

     What is even more disturbing than all these cyber attacks is the fact the federal government spends so little on cyber security. In the 2010 report by Rotman-Telus it showed, that only 1-2% of the government spends more than 25% of the information technology budget on security, and 16-25% spends 0% of the budget on security. Refer to graph below.


     If the number of attacks is to cease or at least decrease, the Government of Canada as well as public and private companies need to start spending more on internet security. As the numbers increase so does the threat to government, business, citizens, and our economy.

 


 References

 http://www.bbc.co.uk/news/world-us-canada-12498254

http://www.cbc.ca/news/politics/story/2011/08/03/pol-government-hackers.html

http://promo.telus.com/2010/Manage_Risk/thankyou.html

http://www.vancouversun.com/news/Massive+cyber+attack+Canadian+government+companies/5199110/story.html

http://ottawa.ctv.ca/servlet/an/local/CTVNews/20110125/OTT_Bruyere_110125/20110125?hub=OttawaHome

http://www.csis-scrs.gc.ca/pblctns/nnlrprt/2009-2010/rprt2009-2010-eng.asp

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.