Toronto’s auditor general is pushing the city to beef up cybersecurity to avoid a “devastating” data breach.<\/p>\n
In a report heading to council’s audit committee on Friday, Beverly Romeo-Beehler\u00a0says the city needs to “strengthen” information technology and security controls, adding little has been done since she\u00a0brought forward similar concerns three years ago.<\/p>\n Right now, around\u00a04,700 terabytes worth of public data are housed in various systems and computers at the city, her report notes.<\/p>\n “A single breach could have a devastating impact,”\u00a0Romeo-Beehler\u00a0writes.<\/p>\n Cybersecurity breaches\u00a0\u2014 like ransomware or phishing attempts, where high-level employees are impersonated\u00a0\u2014 have made headlines recently\u00a0in other Canadian municipalities.<\/p>\n Just this year,\u00a0city staff in Saskatoon\u00a0sent more than $1 million to a person who was using an email address to impersonate the chief financial officer for a construction company city officials were working with.<\/p>\n The city of\u00a0Ottawa’s treasurer wound up in a similar situation\u00a0and unknowingly transferred more than $100,000 to fraudsters after someone used a fake email account to impersonate\u00a0the city manager, while\u00a0Burlington officials fell victim to a “complex” $500,000\u00a0phishing scheme.<\/p>\n Cybersecurity expert\u00a0Kevvie Fowler, the global incident response leader for Deloitte, said municipalities often have a lot of assets that are desirable to hackers, including personal information like residents’ financial data, mortgage information, birth and death records, and social insurance numbers.<\/p>\n “It\u00a0definitely makes them a target from a cybercrime standpoint,” he added.<\/p>\n Fowler said all cities, Toronto included, should ensure their systems have “basic hygiene” in place.<\/p>\n That can mean cyber awareness training for workers, or putting response plans in place in case there’s a breach.<\/p>\n Alongside her new report, Romeo-Beehler\u00a0provided a series of confidential recommendations to city officials, aimed at making changes to\u00a0both the technical and culture side, along with looking at human behaviour when it comes to cybersecurity threats.<\/p>\n She noted that none of her previous recommendations from 2016, which included vulnerability assessment and penetration testing, have been fully implemented.<\/p>\n Mayor John Tory, speaking to reporters last week, stressed that the city is making an effort.<\/p>\n “This is a constant topic of concern to us, that we are working hard to ensure the data and systems maintained by the city are secure,” he said.<\/p>\n “If there’s more to be done, it will be done. Because we can’t afford to have people out there thinking the information that they share with us is at risk.”<\/p>\nCybersecurity\u00a0a ‘constant’ concern, mayor says<\/h2>\n