“The vast majority of cyber incidents in Canada could be prevented with basic cyber security practices”

We live in a society that is increasingly connected and dependent on information shared online. This is valid both on a professional and personal level. Our technological “dependence” has been magnified by the pandemic, as businesses and services have been forced online. While this new predominantly digital economy brings benefits and convenience to people’s lives, it also comes with a caveat. This increased internet traffic has ushered in a surge of cyber crimes and malicious web activity.

That’s why, in this highly technological scenario, rates of cybercrimes are rising, causing monetary damages to individuals, companies, and governments every year.  According to a Panda Security survey, the cost of cybercrime worldwide will reach $6 trillion by the end of 2021. In Canada, official data indicates that the number of cases of this type of crime is on the rise – with a record of 63,523 cases in 2020. From 2016 to 2020, cybercrime has become almost three times more frequent in the country.

Cyber security has become an increasingly pressing issue not only for big organizations and governments but also to ordinary people. After all we humans are the ones behind the machines and in control of them. In this technological universe cybersecurity has become a priority and despite investments in new securities, the cybercrimes and attacks keep happening. 

To talk about this type of crime and the importance of cyber security, and to learn some tips from experts in this field, we interviewed Evan Koronewski, Media Relations and Public Affairs from the Canadian Centre for Cyber Security, which is Canada’s authority on cybersecurity. The Cyber Centre works with united existing operational cybersecurity expertise from Public Safety Canada, Shared Services Canada, and the Communications Security Establishment in to one high-functioning, responsive organization. Together they lead the government’s response to cyber security events and works to protect and defend the country’s valuable cyber assets, working side-by-side with the private and public sectors.

Milénio Stadium: Can you tell us in a simple way, what is cyber security and why is so important?

Evan Koronewski: Cyber security is the practice of defending digitally connected devices (such as computers and mobile devices) and data, by using technologies, processes, and controls to protect them from cyber attacks. It aims to reduce the risk of cyber-attacks and protect against the unauthorized exploitation of systems, networks, and technologies. It is a shared responsibility, and we all have a role to play in cyber security. Canada is one of the most connected countries in the world. A safe and secure cyber space is important for Canada’s security, stability, and prosperity.

The interconnected nature of the threats we face as a country demonstrates that effective cyber security requires collaboration. CSE’s Canadian Centre for Cyber Centre (Cyber Centre) works closely with government, industry partners, and the public to share our unique knowledge and experience to improve the cyber security of Canada and all Canadians. We must all work together to make Canada safer online.

The COVID-19 pandemic has demonstrated just how much the Canadian economy relies upon our digital infrastructure. Protecting that infrastructure—the hardware and software, and the supporting supply chains—is critical to our national security and economic prosperity. The vast majority of cyber incidents in Canada could be prevented with basic cyber security practices.

MS: Is cybercrime increasing in Canada?

EK: As outlined in the Cyber Centre’s National Cyber Threat Assessment report (NCTA 2020), we have observed over the last two years the number of cyber threat actors is rising and they are becoming more sophisticated. Cybercrime continues to be the cyber threat that is most likely to affect canadians and Canadian organizations, and we judge that ransomware directed against Canada will almost certainly continue to target large enterprises and critical infrastructure providers. We assess that these threat actors will almost certainly continue using thematic lures for malicious phishing attempts, including COVID-19 and health-related themes. Canadians and Canadian organizations will almost certainly continue to face online fraud and attempts to steal personal, financial, and corporate information. Cybercriminals will continue to target Canadians and Canadian organizations in an effort to defraud them and extort money through ransomware.

MS: What are the different types of cybersecurity threats? We hear a lot about stealing information and personal data. Are these the most common crimes in this field?

EK: At the beginning of the COVID-19 pandemic and throughout, we have assessed that national and international public health organizations will almost certainly continue to be targeted by cyber threat activity such as ransomware, information and credential theft, and distributed denial of service (DDoS) attacks. We assessed that cyber threat actors will almost certainly continue to target hospitals, medical clinics, and other front-line services involved in COVID-19 responses around the world. There are many different types of cyber security threats that have become more prevalent throughout the COVID-19 pandemic, such as phishing scams.

MS: Cyberattacks are becoming more sophisticated. What are the top cybersecurity challenges?

EK: The digital landscape is constantly evolving, and the tools used to perpetrate cyber-attacks are more readily available than ever for cybercriminals and threat actors. This makes staying on top of cyber security and new and developing threats a challenge. Canadian small and medium businesses, as well individuals, are just as likely to fall victim to cybercrime. The technology and the knowledge needed to perpetuate ransomware attacks are readily available at low cost for cybercriminals, as noted in the NCTA 2020 report. Cybercriminals typically cast a wide net, usually with phishing campaigns, and still yield a large payday from minimal effort. For larger organizations who cannot tolerate disruptions in their day to day operations, preventing them from falling victim to “Big Game Hunting” is key. This is when larger businesses are specifically targeted by a threat actor or cybercriminal. These organizations are likely to pay hefty ransoms to restore operations, which is why they are often targeted.

MS: According to experts, cybersecurity is no longer something businesses of any size can ignore. How can we educate people and corporations in dealing properly with online information and data?

EK: Finding trusted sources of information is key. Many of the threats we have identified can be mitigated through cyber hygiene and awareness, as well as best practices in cyber security. Canadians can stay informed by visiting GetCyberSafe.gc.ca or Cyber.gc.ca for more tips on how to stay cyber secure, from advice and guidance, to training opportunities. The Get Cyber Safe campaign is Canada’s national public awareness campaign, created to inform Canadians about cyber security and the simple steps they can take to help protect themselves online. We publish clear and engaging content that explains cyber security in easy-to-understand terms. Get Cyber Safe leads the government’s effort around Cyber Security Awareness Month in October, and we continue to work collaboratively with all levels of governments across the country and with private sector partners. Understanding how cyber attacks occur can also help individuals and organizations stay safe. Since cybercriminals take advantage of technical and human vulnerabilities, the best way to safeguard your business against the risk of cybercrime, such as ransomware, is to practice cyber security best practices.

MS: Can you provide us some tips to avoid cyber attacks?

EK: While it may not be possible to entirely eliminate cyber threats, Canadian businesses and organizations can significantly reduce the risk and be better prepared by taking a few important actions, starting with:

Provide security awareness training for employees: Email phishing is the most common method that attackers use to spread ransomware. Regardless of what security features are installed on someone’s device, if a malicious link is opened, that device could be compromised. Therefore, it is important that employees know how to recognize phishing attempts, and that there is a procedure in place for employees to report them to the organization’s IT desk.

Patch operating systems (OS) and third-party apps: Unpatched and unsupported operating systems are easy vulnerabilities for cyber threat actors to exploit. Be sure to keep your OS and all third-party apps patched with the newest updates.

Disable macros: Several ransomware strains are sent as Microsoft Office attachments. When a user opens the attachment, they are asked to enable macros to see the contents of the document. Once they enable macros, the actual ransomware payload will download and execute. Keep macros disabled by default, and make sure employees are aware that a prompt to enable macros can be a red flag.

Use least privilege: Users should only have the minimum amount of access required to fulfill their job duties. Restrict administrative privileges as much as possible, and ensure administrative users are required to confirm any actions that need elevated rights.

Back ups: Be sure to perform frequent back-ups and store them offline. If ransomware is planted on just one device, it can spread across your entire network quickly and covertly. Make sure your back-ups are not connected to the Internet or any local network.

Practice recovering: Organizations should run a simulated ransomware event and practice recovery procedures. How long would it take you to get yourself back online? For many organizations, it takes a lot longer in practice than anticipated. These exercises can show you what to focus on to improve your recovery procedures. Together, these steps can help you create a strategic plan for preventing and recovering from ransomware. Various cyber-attacks should be included in your business continuity planning (BCP) so that the level of impact and how quickly you need to get your devices back up and running is understood.

MS: Cyber Security Awareness Month is an internationally recognized campaign held each October to help the public learn more about the importance of cyber security. In Canada, have you noticed an improvement in awareness regarding online threats?

EK: The Cyber Centre continues to develop partnerships with organizations across Canada and engage Canadians via multiple online forums and social media channels. Although it is hard to qualify whether we have noticed an improved overall awareness in cyber security, we have found that more and more Canadians are reading our advice and guidance published on Cyber.gc.ca and GetCyberSafe.gc.ca. We have also continued to see increases in the number of users following our social media channels. We should also note that throughout 2020, the Cyber Centre held weekly video calls with over 100 representatives from the health sector to share practical advice and answer questions about cyber threats. Furthermore, in 2020-2021, the Cyber Centre forged new partnerships in 16 critical infrastructure sectors, such as health, safety, food, water, energy, transport, finance, manufacturing, information, and communications technology (ICT), academia, innovation, federal government, provincial / territorial / municipal government, democratic institutions, small and medium organizations, and Canadian citizens. This is crucial, because, as we stated in our 2020 National Cyber Threat Assessment, Canada’s critical infrastructure will almost certainly continue to be a target for both criminal and state-sponsored cyber threat activity.

Lizandra Ongaratto/MS