• Home
  • /Learn
  • /New Canadian Cyberattack Data Says 80% of SMBs Are Vulnerable
background image


New Canadian Cyberattack Data Says 80% of SMBs Are Vulnerable


A recent Small and Medium-Sized Business Vulnerabilities Report (SMBVR) found that 80% of small businesses are vulnerable to cyberattacks. Worse, most of these vulnerable businesses operate in the critical finance and healthcare sectors. The data came from 19,000-odd companies operating in Canada and the US spread over 16 key industry segments. This insight into the Canadian cyberattack data is significant because of increasing security incidents and the government’s efforts to strengthen the technological landscape.

Three critical vulnerabilities revealed by the Canadian cyberattack data

The recent Canadian cyberattack data found three significant vulnerabilities across all sectors:


Spoofing is a widespread problem that affects small and medium businesses. Spoofing means masquerading or impersonating someone trusted to induce the gullible into acting in a particular manner. Spoofing involves two distinct traits: 

  1. Creating fake social media accounts, websites, or fraudulent emails.

  2. Social engineering.

Cybercriminals leverage spoofing to steal sensitive data. Spoofing entails serious consequences for SMBs, like loss of money and customers, missed opportunities, and even regulatory intervention. 

While cybercriminals evolve newer techniques to target SMBs, a few precautions and constant vigil can prevent severe damage: 

  1. Verify all identification information, including the company’s name, address, and employee details.

  2. Create strong and complex passwords to make it difficult for malicious players to gain access to your accounts.

  3. Inspect email headers and metadata to ascertain the sender's authenticity and the mail's veracity.

  4. Use throwaway emails while registering to sites.

  5. Keep your computer systems up to date. Install the latest software and security patches.


Clickjacking is a cyberattack in which an attacker tricks a user into clicking on a link that takes them to a website where they get exploited. It can include using unexpected or deceptive pop-ups, fake web pages, and even specially crafted links sent through email. Clickjacking can have severe consequences for SMBs as these businesses often have fewer resources to deal with attacks. Any compromise can lead to user data ending up in the wrong hands.

SMBs must allocate resources to invest in robust security measures, such as anti-spyware software and firewalls, and train employees on cyber hygiene.

Session riding 

Session riding affects most small and medium-sized businesses. It involves accessing customer data or launching online attacks to steal valuable information. Session riding is a serious issue because it can have far-reaching consequences for your business. There are several ways that session riding attacks work:

1. By replicating the functionality of legitimate applications, attackers create fake applications that appear as if they are from trusted sources. These fake applications can access sensitive information or take malicious action on the target system.

2. Using automated tools and techniques, attackers can easily inject malicious code into legitimate websites. This way, the attackers gain persistent access to resources on the target system.

3. By exploiting vulnerabilities in web browsers, attackers can access privileged information and take over systems remotely. This attack is hazardous because it does not require users to execute malicious code.

One of the best ways to avoid session riding is to use unique passwords for each website and application to reduce the risk of session riding.

A Closer look at Canada's most vulnerable Industries


Spoofing vulnerabilities were notably widespread among physicians (90%) and hospitals (87%). Hospitals are also the most vulnerable to clickjacking (79%), while physicians are the most susceptible to session riding (63%). These demonstrate the critical need to secure these businesses.

Finance services

According to Canadian cyberattack data, 82% of law firms were susceptible to spoofing, 73% were vulnerable to clickjacking, and 63% faced a session-riding threat. Spoofing threat was common among investment advisors (89%), with session riding clocking a 57% possible occurrence rate.


Colleges and universities in Canada appear to be particularly vulnerable to spoofing assaults (84%), far higher than in the United States (59%). With access to school records and financial information, these institutions need increased cybersecurity investments to prevent potential threats.


Security incidents can lead to data, monetary, and a loss of trust. The new Canadian cyberattack data demonstrates why it is so important to strengthen security. SMBs must invest in robust security measures and train staff on cyber hygiene to reduce the risk of cyberattacks. Additionally, organizations should ensure that their systems are up-to-date with the latest software and security patches. By doing so, they will be able to mitigate malicious attacks and protect customer data from falling into the wrong hands.

Packetlabs’ penetration testing services can help these industries effectively find and address existing vulnerabilities. Our ethical hackers simulate attacks to reveal exploits and prepare a detailed report to chart the future course of action to improve your security posture. Contact us to learn how you can actively target spoofing, clickjacking, and session-riding attempts by malicious players.

Have Questions? Need a Quote?

Contact our team today to see how we can help improve your security posture. Get a no-obligation quote and a copy of our sample report to help you get started.