Canada Considers Mandatory Reporting Of Cyber Attacks

Canada’s Public Safety Minister Marco Mendicino has said recently that the federal government is looking into requiring Canadian businesses and companies to report cyber attacks. “We are considering very carefully, this is an option,” Mendicino told members of the Public Security and National Security Council.

Mendicino also warns of increased risk of cyber attacks from Russia and others amid a global threat environment that continues to shake the foundations of the post-Second World War international order.

Canada’s public safety minister says the federal government is weighing introducing mandatory incident reporting for cyber crimes to better understand their prevalence domestically and how to prevent them going forward. Speaking to the House of Commons Public Safety and National Security committee about Canada’s security posture in relation to Russia, Mendicino said the government is on “high alert” for cybercrime activity.

“I cannot emphasise enough how important it is that in the current geopolitical environment within which we find ourselves that we are very much on high alert for potential attacks from hostile state actors like Russia, which could manifest through cyber attacks, through ransomware, which look to identify potentially valuable targets to Canadian interests, like critical infrastructure,” he said.

Asked by NDP MP Alistair MacGregor whether Ottawa is considering making it mandatory for all sectors, the minister said, “I absolutely think it's something that we need to be considering, for sure, yeah, it's an option that we're considering very carefully.” MacGregor said the committee has heard from some witnesses who have called for mandatory incident reporting. "Sometimes businesses are loath to report that they have been held hostage by ransomware," MacGregor told Mendicino. "They find it's easier to pay off the person, not report it. Also, there can be a threat for further damages if they do in fact report to the authorities."

Mendicino warned MPs on the committee that the current international situation has increased the threat of cyber attacks on Canadian businesses, organisations and diverse levels of government.

"I cannot emphasise enough how important it is that in the current geopolitical environment ... we are very much on high alert for potential attacks from hostile state actors, like Russia," he said. The minister said those attacks "could manifest through cyber attacks, through ransomware, which look to identify potentially valuable targets to Canadian interests, like critical infrastructure, but equally to subnational targets, different orders of government and other sectors of the economy."

Since the government created the Canadian Centre for Cyber Security (CCCS), it has been sharing cyber threat information with owners and operators of Canadian critical infrastructure. The federal government has also created a special unit within the RCMP to coordinate police operations against cyber criminals.

The CCCS has issued a number of bulletins warning Canadians of the potential for cyber attacks by Russian state-backed actors who may try to assault critical infrastructure, such as electricity systems.

In its National Threat Assessment 2020 report, which laid out its predictions for the next two years, the centre said the number of bad actors is rising and they're getting more sophisticated. It warned of a potential increase across Canada in cybercrime, ransomware attacks and commercial espionage, particularly against Canadian businesses, academic institutions and governments that may have proprietary information.

"Canadian organisations of all sizes, such as small and medium-sized enterprises, municipalities, universities and critical infrastructure providers, face a growing number of cyber threats," the centre wrote in its report. "These organisations control a range of assets that are of interest to cyber threat actors, including intellectual property, financial information and payment systems, data about customers, partners and suppliers and industrial plants and machinery." 

The value of ransomware payments is also on the rise, the CCCS warned. "Ransomware researchers estimate that the average ransom demand increased by 33 per cent since Q4 2019 to approximately $148,700 CAD in Q1 2020 due to the impact of targeted ransomware operations... At the more extreme end of the spectrum are multi-million dollar ransom events, which have become increasingly common," said the report.

Groups like the Canadian Federation of Independent Business (CFIB) say the government should focus on providing information and improving police services to victims, instead of making reporting mandatory. "Forcing them to do it will not result in fewer attacks, it will mean more work and red tape for businesses. Some of them don't want to report cyberattacks, fearing their additional consequences," commented Jasmin Guénette, vice-president of national affairs for the CFIB.

In contrast, at least one Canadian cyber security expert thinks that Canadian organisations should report cyber incident breaches to a federal authority to develop nation-wide threat intelligence. “Canada absolutely needs mandatory full incident reporting,” said Brett Callow, a threat analyst for Emsisoft.

Sources: CBC; ICLG; CTV; Global News; IT World Canada; ProIQRA
