Canadian Companies Vulnerable To Cyber-Attacks

Canadian organizations aren’t prepared for the rising caliber of attacks, according to Deloitte’s 2015 cyber security survey. Only about 9 per cent of 103 organizations were deemed highly secure, vigilant and resilient towards potential hacks and 68 per cent aren’t in a position to recover quickly from an attack.

The costs of data breaches in Canada rose by about 14 per cent to $6.03 million in 2016 from $5.3 million in the year-earlier period, according to researchers at the Ponemon Institute.

The greatest financial impact to these organizations after a hack is the loss in business due to a lack of customer trust, according to the independent research organization.

Organizations are unconsciously incompetent

Organizations are unconsciously incompetent,”  said a Deloitte spokesman. “They think they are well prepared… but when we scratch beneath the surface we notice there are some pretty severe gaps.”

“The reality is everyone’s a target. If you’re connected to the Internet — you’re a potential target.”

According to the Canadian federal government, which launched a public consultation on cyber security on Aug. 16, about 70 per cent of Canadian businesses have been victims of cyber-attacks and the average cost is $15,000 per incident.

One common method of attack involves a spearfishing email, where hackers send targeted messages to employees of an organization. These emails contain personal information gathered from online profiles like LinkedIn and Facebook, to convince the victim the email is genuine.

If the victim opens an email attachment, they invariably release a virus.

Masse said that Deloitte re-creates these kinds of attacks to determine how vulnerable a client is and the hacks always win.

“If we have a 100 per cent success rate, then the bad guys have 100 per cent as well,” he said.

Holding data for ransom

The use of ransomware is a more advanced method of attack and it involves hacking vital information, placing a password on the files and then holding that information hostage.

“We’re seeing a massive increase in ransomware attacks,” said Masse.

The Ottawa Hospital had a ransomware attack in March on four computers out of its network of 9,800 after an employee clicked on a malicious link. Fortunately, patient information was retained as the hospital responded by wiping drives and no ransom was paid.

An Osterman Research study published by San Jose-based internet security company Malwarebytes earlier this month found 44 of the 125 Canadian organizations surveyed said they’ve had a ransom ware attack in the past year. Thirty-three of the companies paid out ransoms of $1,000 to $50,000.

These kinds of security breaches prompted IBM to use its artificial intelligence software called Watson to help combat cyber-attacks. Since its inception in the mid-2000s, Watson has used machine learning to solve various problems.

“A big part of what we’re seeing now is healthcare breaches,” said Boston-based Caleb Barlow, vice-president of IBM Security. “It’s happening around the world.”

One of the challenges is the sheer amount of data. “You could not possibly hire enough people to sift through that log of information and figure out what to pay attention to,” said Barlow. “And that is the problem we are starting to resolve with Watson.”

The goal is for the program to connect pieces of information and come to realistic conclusions, like a human would. “Watson’s able to think like a forensic researcher,” he said. “You train it on some of the basics and then it comes back and starts to learn some of these things on its own.”

To help train Watson, IBM has enlisted the help of eight universities including three in Canada: The University of Ottawa, the University of Waterloo and the University of New Brunswick.

Identifying risks

Professor Ali Ghorbani, dean of the faculty of computer science at the University of New Brunswick, is one of the researchers, focusing on user behaviour and cyber risk identification.

The aim is for Watson to able to interpret large amounts of data and answer security questions.

“Every solution that you can find now for security, in terms of preventing intrusion or mitigating an attack, are primarily [using] data mining or machine-learning based technology,” he said.

“Ransomware is the most damning issue we have now in our businesses, in our government and in our institutions too,” Ghorbani said. “It’s projected to increase much more in the near future.”

Organizations like Deep Instinct are also attempting to use artificial intelligence and machine learning to combat cyber security. The company, based in San Francisco and Tel Aviv, uses a form of artificial intelligence called deep learning to identify cyber threats.

Just as the brain remembers an object after identifying it the first time, Deep Instinct’s software does the same by remembering forms of cyber threats.

“Deep Instinct’s artificial brain learns to identify which files are malicious,” said Tel Aviv-based Maya Schirmann, Deep Instinct’s chief marketing officer. “The result is the ability to identify brand new cyber threats and block them, all in real-time.”

Deep Instinct’s technology can be used on computers as well as smartphones and tablets. Schirmann said their clients include several Fortune 1000 companies.  

Staying ahead of threats

While more tools are becoming available, it’s still a challenge to keep up with the threats.

Data storage company EMC, ranked Canada 15 out of 18 countries in terms of being “ahead of the curve” with regard to data protection. However, about 82 per cent of the100 organizations surveyed in Canada said their current data protection wouldn’t meet future business challenges.

The Canadian government also recognizes the importance of cyber security and that’s why they’ve launched the consultation project.

“We need to get really good at cyber security – across our personal, business, infrastructure and government sectors – so we can take full advantage of the digital economy, while protecting the safety and security of Canadians,” said Ralph Goodale, minister of public safety and emergency preparedness.  

Financial Post:

 

« Australian Government Networks Hacked
Critical Infrastructure Is The Next Target »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The Networking People (TNP)

The Networking People (TNP)

TNP supplies independent advice allowing large organisations to design, build and operate their own networks independently of the established telecoms companies.

Caliber Security Partners

Caliber Security Partners

Caliber Security Partners is a full-service information security company, with a wide range of security services for clients with varying levels of security maturity.

Raz-Lee Security

Raz-Lee Security

Raz-Lee Security is the leading security solution provider for IBM Power i, otherwise known as iSeries or AS/400 servers.

Securely

Securely

Securely Ltd. is an IT consulting and services firm specializing in PKI solutions and products.

Ogasec

Ogasec

Ogasec is a cybersecurity company formed by the merger between Aker and N-Stalker in 2017. Solutions include Security & Connectivity Networking, Application Security, and Managed Security Services.

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center is dedicated to combating adversaries who desire to harm our citizens, our government, and our industry through cyber-attacks.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

SterlingRisk Programs

SterlingRisk Programs

SterlingRisk’s Cyber practice brings experience working with a wide array of clients across a broad spectrum of industries.

Northcross Group (NCG)

Northcross Group (NCG)

NCG provides services to help organizations meet the challenges of regulatory compliance. Our services include support, consultation, tools and accelerators for all parts of an organization.

Prodera Group

Prodera Group

Prodera Group is a specialist technology consulting partner trusted to help navigate the complex and dynamic lifecycle of change and transformation.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

Patriot Consulting Technology Group

Patriot Consulting Technology Group

Patriot Consulting's mission is to help our clients manage cybersecurity risk through secure deployments of Microsoft 365.

Heron Technology

Heron Technology

Heron Technology are a technology solutions consultancy with core competencies in the areas of Cyber Security and Digital Aviation.

Heartland Business Systems (HBS)

Heartland Business Systems (HBS)

Heartland Business Systems serves commercial, public sector and small to medium business with results-driven and dedicated information technology services.

SoftForum

SoftForum

SoftForum is a company specializing in next-generation information security solutions in the Quantum-Resistant-Cryptography (PQC) field.

Space Hellas

Space Hellas

Space Hellas is a dynamic, established System Integrator and Value Added Solutions Provider, holding a leading position in the high technology arena.