According to a recent study by Cybersecurity Ventures, the estimated financial loss caused by ransomware cyber attackers in 2021 is 20 billion US dollars. This projection is a whopping 57 times the figure predicted in 2015 by the same organization.
However, despite these estimates, when it comes to cybersecurity preparedness, the International Telecommunication Union (ITU), in its recent Global Cybersecurity Index report, has placed Canada in a distant 8th position compared to the 2nd place America occupies.
Canada ranks behind countries such as Lithuania and Malaysia, according to the report.
What America is doing:
The United States Announces Incredibly Big Rewards for Information on Cyber Attackers
The U.S. Department of State’s Rewards for Justice Program recently offered up to 10 Million US dollars for information on cyber attackers working against US interests.
In comparison, the Program offers 7 million US dollars for information on the current leader of al-Qa’ida, Abu Ubaidah Youssef al-Annabi, indicating cyber attackers pose a more significant threat to national interests than even top terrorists do.
The U.S. is counter-attacking ransomware hackers
A sneaky cyberattack is akin to a burglar ransacking your home and stealing your precious possessions in your absence. Even worse, a ransomware threat is like an armed robber who puts a gun to your head and demands your possessions while threatening to harm your family members and you.
To counter the malicious threat of ransomware, the United States Department of Justice has launched the website StopRansomeware.gov, a much-needed outcome of a close collaboration between various U.S. government agencies.
The website consolidates ransomware resources from key government agencies. Previously, organizations and individuals had to rely on several sources of information for the latest updates, resources and alerts on ransomware. Notably, multiple sources of data increase the probability of confusing narratives about a given threat.
This website operates as a single source of truth, which is critical in the fight against cybercrimes. The website will also include guidance on how to report ransomware attacks.
All hands on deck
The following American agencies are coordinating their efforts to ensure the success of StopRansomeware.gov.
● Cybersecurity and Infrastructure Security Agency
● American Secret Service
● Department of Justice FBI
● National Institute of Standards and Technology
● Department of Treasury
● Department of Health and Human Services
In addition, the U.S. government has involved external cybersecurity experts to constructively report cybersecurity vulnerabilities with the “Hack the Pentagon” pilot program.
Furthermore, U.S. federal agencies are required to enable the disclosure of security vulnerabilities. A vulnerability disclosure policy facilitates an agency’s awareness of otherwise unknown vulnerabilities. It commits the agency to authorize good faith security research and respond to vulnerability reports and sets expectations for reporters. When federal agencies integrate extensive reporting of cyber threats to their cybersecurity risk management methods, they obtain reliable information necessary to mitigate a vast assortment of cyber risks.
In general, we sum up the difference between how the U.S. and Canada manage their respective cybersecurity risks as follows:
While the U.S., in the past few years, has initiated coordinated efforts with an open call to all qualified professionals who can help constructively, Canada seems to lack both coordination and transparency in its cybersecurity strategy.
Is Canada lagging in its cybersecurity efforts?
Canada does not have an inclusive, coordinated cybersecurity program–such as the one the US is undertaking. It may be time for the government to consider a more resilient system under the constant onslaught of myriad malicious players on the Internet who steal data and information for a living.
The Canadian government does not explicitly welcome cybersecurity information from external experts, as the U.S. government does. Canadians are unclear on processes related to reporting observed vulnerabilities. In the absence of a regulated reporting mechanism, a real threat exists of publicizing a cybersecurity vulnerability before a fix is available for it. A lack of a formal, published reporting framework has the potential to aggravate the risk of cyberattacks.
Canada is also falling behind its G20 peers. Most of Canada’s G20 peers have clear reporting guidelines without compromising an individual or organization’s security. Canada[WU2] lacks this mechanism.
While cybersecurity experts can report potential risks, suspicious incidents and other vulnerabilities to the Canadian Centre for Cyber Security, the definitions of such incidents seem to limit reporting to only those incidents that are weaponized.
Most G20 governments (including the U.S. and British governments) have committed themselves to the issues raised by cybersecurity experts. The Canadian government is yet to make similar commitments.
Canada was the third most cyber-attacked country in 2017 (please see Symantec, 2017 Internet Security Threat Report, Page 50). We as a country must analyze and manage our future cybersecurity plan more inclusively and transparently.
The Internet is an open medium, with privately owned entities as a bulk of its constituents. Nations must transcend the traditional security mindset limited to geographical borders and government institutions to involve as many competent and well-meaning parties to mitigate the impending malicious cyber-attacks.
Malicious cyber attackers are all over the world. For example, Russia is engaging in hybrid warfare that involves state-sponsored cyberattacks on North American countries. Chinese cyber attackers are engaging in cyber exploits for financial gains. Knowing this, Canada is at risk of a large-scale cyber attack by big state players.
While, as of now, Canada may not have a robust federal plan or strategy compared to that of the states, there are tactics you can implement to ensure your company is safe. At Packetlabs we suggest creating a comprehensive cybersecurity plan.
Packetlabs offers a wide array of security services to support your cybersecurity strategy and protect your company assets against cyber attackers, including infrastructure penetration testing, application testing, and purple team exercises. Contact us for a free, no-obligation quote.