“Cybercrime is the most common cyber threat that Canadians and Canadian organizations are likely to encounter.”
–Canadian Centre for Cyber Security
In 2020, 3 in 10 Canadian organizations saw a spike in cybercrime volume during the pandemic. 25% experienced a breach of customer and/or employee data; 38% didn’t even know if they had experienced a breach. Even more worrying, only 36% of organizations that experience a cybercrime are likely to inform a regulatory body, down from 58% in 2019.
Following the COVID-19 outbreak, organizations have been forced to move millions of people to remote work. Remote work creates numerous security gaps that cybercriminals take advantage of to perpetrate cybercrimes, thus creating a very serious cybercrime situation in Canada. It’s likely to get worse in the next few years.
So, what is Canada doing to mitigate cybercrime?
Fighting Cybercrime in Canada with Information
In the 2018 National Cyber Threat Assessment (NCTA), the Canadian Centre for Cyber Security stated that “cyber fraud and extortion attempts directed at Canadians are becoming more sophisticated,” and “Canadians’ exposure to cyber threats has increased due to the prevalence of Internet-connected devices.”
The Canadian Centre for Cyber Security reiterates these messages in the 2020 NCTA. It also states that Canadians are now even more vulnerable to cybercriminals looking to take advantage of their victims’ online presence to steal their data, hold it for ransom, or even destroy it. The NCTA identifies five key trends that will drive the evolution of the cybercrime landscape in the coming years:
More physical safety of Canadians is being put at risk
More economic value is at risk
More collected data increases privacy risk
Commercialization of advanced cybercrime tools
Foreign nations trying to influence Canada to adopt government-controlled Internet governance
The NCTA also outlines the cybercrime risks to both Canadian businesses and individuals, such as fraud, extortion, cryptojacking, ransomware, Big Game Hunting, Intellectual Property theft and supply chain attacks.
Reducing exposure to and even preventing cybercrime in Canada starts with information, even if it’s disturbing. On this front, the Canadian authorities, especially the Canadian Centre for Cyber Security, are doing a great job.
Fighting Cybercrime in Canada with the Law
Since April 2000, Canada has had a broad security law aimed at protecting consumer data in the event of a cybercrime: Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA includes a strong breach notification rule, say, in the event of a ransomware cybercrime in Canada.
With the National Cyber Security Strategy, first launched in 2010, the Government aims to shape and sustain the country’s cybersecurity and cyber-resilience. One of its goals is to protect individuals, businesses and critical government systems from cybercrime in Canada. It also outlines how the Government will support research, education and digital innovation to improve the country’s ability to respond to and withstand evolving cybercrime threats.
The strategy also supports the creation of the RCMP’s National Cybercrime Coordination Unit (NC3). The NC3 works with law enforcement, civilians and international partners like FBI, INTERPOL and Europol to “help reduce the threat, impact and victimization of cybercrime in Canada.” Furthermore, it will act as a coordination investigations hub for cybercrime in Canada, provide digital investigative support to Canadian law enforcement, and establish a national reporting framework for Canadians to report cybercrime (see below). The NC3 is expected to reach full operating capability in 2023.
Fighting Cybercrime in Canada with Fraud Prevention
The primary mandate of the Canadian Anti-Fraud Centre (CAFC) is to collect information on past and current fraud and identity theft scams affecting (or likely to affect) Canadians. It thus plays an important role in educating Canadians about this type of cybercrime.
Through the CAFC, Canadian individuals and businesses can:
Learn about the different fraud types
Recognize the warning signs
The CAFC, jointly managed by the Royal Canadian Mounted Police, the Competition Bureau Canada and the Ontario Provincial Police, also works with law enforcement to identify, address and prevent cybercrime in Canada, and protect Canada’s economy from damaging financial impact.
The NC3 is also setting up a new cybercrime and fraud reporting system, which will become operational in 2022. Through this system, any victim of or witness to cybercrime or fraud can report it online. The NC3 will use the system to find links between similar fraud reports across Canada and internationally, identify, prioritize, and address reported cybercrime fraud. Until the new system is complete, Canadians can report fraud on the existing CAFC Fraud Reporting System.
Cybercrime in Canada is an ongoing and increasingly serious problem. Fortunately, the country is taking steps to mitigate its impact. Nevertheless, organizations should also take steps to protect themselves from cybercrime. Protection includes conducting regular, manual penetration testing on their enterprise networks, devices, software and data. To know more, explore our blogs on penetration testing here, or get in touch to schedule a penetration test in your organization.