Sami Khoury, the head of the Canadian Centre for Cyber Security, says ransomware attacks are getting more sophisticated and there's a lot the country and companies could do to better defend themselves. A woman uses a keyboard in North Vancouver, B.C., Wednesday, December 19, 2012. THE CANADIAN PRESS/Jonathan Hayward
TORONTO – The head of the Canadian Centre for Cyber Security says ransomware attacks are getting more common and sophisticated, but there’s a lot the country could do to better defend itself.
“The threat is real, the threat is growing and we can’t talk enough about it,” said Sami Khoury, whose organization is aimed at providing the federal government with information technology security and foreign signals intelligence.
While ransomware attackers used to break into systems and take control, Khoury has now noticed many have changed their methods.
Instead of weaseling their way into systems and requesting cash just to give back control, Khoury’s found many attackers are now focused on stealing data and other sensitive information they can threaten to release or sell.
“They recognize that over time companies have become a little bit more sophisticated about having backups, so even if they lock the information technology, they can recover it from a backup,” he said.
“What they’re going after now is information.”
Such incidents have become so common that Khoury considers cybercrime, including ransomware, the No. 1 cybersecurity threat facing the country.
Book retailer Indigo, grocer Sobeys, oil and gas producer Suncor Energy Inc. and Toronto’s Hospital for Sick Children have all been victims of ransomware attacks over the last year.
Khoury counts about 305 reports of ransomware to the Canadian Centre for Cyber Security last year, up from about 295 the year before.
“But I can assure you the real number is nowhere near that,” Khoury said.
“The real number might be closer to add a zero maybe to it.”
The true number of attacks is likely much higher because he’s realized many organizations are too embarrassed to report they’ve been impacted by cybercrimes.
Khoury argues reporting is essential. The more incidents the Canadian Centre for Cyber Security knows about the more specific it can tailor its advice and guidance and the more information it can glean about who might be behind an attack, so they can be stopped.
He also urges organizations to better protect themselves against cyberattacks by using stronger, differing passwords, setting up multi-factor authentication on accounts and educating themselves about security risks.
These steps, he said, are key to fighting not just cybercrime, but also attacks on critical infrastructure, risks focused by nation states threatening Canada and rampant misinformation.
Each have grown in importance over the last year as geopolitical unrest grows and key infrastructure like pipelines are increasingly targeted.
Koury’s centre, which is part of the federal Communications Security Establishment, urged Canadians in February “to be vigilant and prepared” for potential malicious online activity following the one-year anniversary of Russia’s invasion of Ukraine.
In May, it warned of “a significant threat” from a state-sponsored perpetrator associated with China that “takes advantage of built-in network administration tools to move through systems, so any action can look like normal activity.”
It has also watched the government pull music-based app TikTok from federal devices because its parent company ByteDance is based in China, where laws allow the country to demand access to user data.
Asked if he would recommend the country to take further action on TikTok, Khoury said he would defer to the government, but indicated the public has a role to play.
“We invite all Canadians to look at the settings on their phone and look at what applications are asking for what access and make a personal judgment call,” he said.
Despite the influx of threats and the number of security issues capturing public attention these days, Khoury said Canadians shouldn’t feel pessimistic about the fight against cyberattackers.
“We can absolutely make a difference. I don’t want to leave you with a feeling of hopelessness,” he said.
“There’s a lot of good tools, a lot of good advice…and if something small happens on a network and you can call us and we will help you diagnose it.”
This report by The Canadian Press was first published July 19, 2023.