The constant barrage of cybersecurity threats on corporate networks in Canada, and the US for that matter, has been in the media spotlight continuously for several months now.
Reports such as the one released by Websense recently in August, conducted by security research firm Ponemon Institute, found that nearly 36% of the Canadian companies had experienced one or more network cyber-attack over 2013. What's even more troublesome, if that's possible, is that 56% of the 236 Canadian companies responding believed there were more threats that went undetected.
Part of the problem is that these threats often go unannounced because companies fear the repercussions from their customers, not to mention liabilities that may result.
The Canadian Cyber Incident Response Centre, which now staffs 57, is one of the core outfits responsible for receiving cybercrime complaints from both public and private companies nationwide and orchestrating responses after thorough analysis. The CCIRC has more than 100 million pieces of malware in its database of which almost 32 million has been analyzed, as reported in an Ottawa Citizen post.
Even though the analysis workload seems fairly heavy at the moment, we know that it's growing at a steady rate. Information from the RCMP, which has nine cybercrime units based throughout the country, shows that incidents of cybercrime are up 26% and now costs Canadians up to $3 billion yearly. Recall that in April this year the RCMP’s National Division Integrated Technological Crime Unit (ITCU) had to intervene to capture the person responsible for allegedly using the Heartbleed computer bug to steal 900 social insurance numbers from the Canada Revenue Agency (CRA).
The RCMP also identifies a lack of reporting from private businesses as a major source of concern citing that there's no legal requirement to do so, as in other countries, at least right now.
However, help is on the way for the cybercrime fighters in the form of Bill S-4, the Digital Privacy Act, now before Parliament. This act seeks to make it mandatory for federally regulated businesses, including government agencies, to report any significant security breach to the federal privacy commissioner as well as customers and clients whose private information was compromised.
The Digital Privacy Act is a small step in what seems like a never-ending battle. The Communications Security Establishment (CSE), the national organization employing 2,200 people to protect our computer networks, reports that there are 60,000 new malicious programs identified every day and that Canadian government departments are subject to millions of cyber intrusion attempts daily.