Hospitals, businesses and organizations in Ontario have recently been hit by a wave of high-profile cyberattacks, including LCBO this week and Toronto’s Children’s Hospital and Scout Canada in December.
The Canadian Press spoke with cybersecurity experts about whether cyberattacks are on the rise, why they’re happening, and what people and businesses can do to protect themselves.
Are cyberattacks happening more frequently?
These attacks are “absolutely” more frequent than they used to be, said Robert Falzon, head of engineering at cybersecurity firm Check Point Canada, and are likely still occurring on a daily basis. points out.
One reason is the increasing access to technologies that allow the development of malware, scripts, and other tools for potential hackers, such as the AI-powered computer program ChatGPT.
“Anyone who doesn’t have much of a skill set, or even a good command of the English language, can create a complete, near-perfect script that can be used to attack someone in a phone scam, email phishing scam, etc. Do you have one?” Falzon says.
“Historically,[hackers and scammers]have relied on their grammar and spelling skills, but many people can identify them and say, ‘Oh, this looks like a scam. Now they are getting harder and harder to detect.”
Charles Finley, the first executive director of the Rogers CyberSecure Catalyst Center at Toronto Metropolitan University, agrees that these attacks are on the rise. In particular, the attacks that struck SickKids on December 18th affected phone lines and internal clinical systems, slowing lab and imaging results. .
“They are on the rise across Western democracies,” says Finlay. “This is a serious problem, a serious challenge, and it’s getting worse.”
Another reason for the rise, he says, is that the ransomware industry has grown into a multi-billion dollar global criminal industry.
“This is supported by sovereign states with ransomware attackers, and ransomware attacks have proven to be very lucrative,” said Finlay, adding that as we rely on technology, cyber We are also noticing an increase in attacks.
Are Public Sectors Targeted?
According to Falzon, Check Point Canada has seen malware specifically developed to deploy against specific companies and organizations, which they call campaigns.
“They are using either phishing or a more advanced version of phishing called whaling, which looks like an executive telling an employee to do XYZ,” Falzon said. say. Whatever the content of that email will infect your organization. ”
Hackers will target any organization they believe has access to a ransom, Finlay said.
“The more important an organization is to the proper functioning of society and the economy, the more likely it is that ransomware gangs will be able to take advantage of significant financial gains,” said Finlay. I’m here.
“So the attack on SickKids hospital is exactly the kind of attack we should expect.”
But organizations may not always be targeted, says Falzon. That’s because many of the tools that deliver these cyberattacks take what he calls a shotgun approach of sending emails to thousands of potential victims.
“These were accidental attacks, and unfortunately someone clicked on a phishing email, attachment, etc. and fell victim, infecting systems in that area.
What can people do to protect themselves from cyberattacks?
According to Falzon, keeping computers and mobile devices up to date with the latest software is very important. Manufacturers frequently create “patches and updates” to target vulnerabilities.
“As all these attacks become more sophisticated, so do our defenses,” said Falzon, adding that passwords also need to be updated frequently and are distributed across multiple sites and services. It says it shouldn’t be used.
He advises people to download ransomware protection software on their personal devices and be hyper-aware when opening emails and text messages from unknown sources.
“It’s a big risk to carry it around and have no protection,” says Falzon.
“Someone can text you, whether it’s on WhatsApp, for example. You can control your camera and microphone to see your location, read your text messages, and more.”
What should businesses and organizations do to avoid falling victim to cyberattacks?
According to Finlay, the question is not whether an attack will occur, but when it will occur, something that organizations need to keep in mind.
He suggests conducting a “very thorough” risk assessment to discover systems and data vulnerable to cyberattacks and working with experts to determine how to protect them. .
“It often involves investments in people, processes, and technology, so employees need to be trained to recognize cybersecurity attacks,” says Finlay.
Cyber awareness training is the first tool companies, governments and even schools need to adopt to protect themselves, Falzon said.
“I am a firm believer that it needs to start at a much younger age,” he says.
For example, you can teach your children concepts such as “cyber hygiene” and teach them about passwords and what not to click online.
Mr Falzon said: “It’s already worked.”
cyber security