On Friday January 15th 2022, the EU initiated a six-week stress test of its member state’s cybersecurity. According to Bloomberg.com, the purpose of these tests was to strengthen the EU’s preparedness for incoming attacks, as well as increase cooperation and coordination of member states. In the first simulation, a cybersecurity incident is discovered in a fake major Finnish power company. Due to the interconnectedness of this power company’s systems with other Finnish national and international systems, this simulation required intensive cooperation between EU member states. The response force was responsible for determining the origin of the crisis, determining the potential impact, and doing anything possible to limit the scope of the issue. This is the largest stress test of its kind; the EU will likely use this test to develop a framework for a joint response to future major incidents (infosecurity-magazine).
Cyberattacks are on the rise
The global pandemic has created an environment for cyberattacks to flourish. During the first year of the pandemic, cyberattacks doubled in Europe (cnn) and attacks on Canadian hospitals alone increased by 250% (yahoo finance). This included one of Canada’s worst cyberattacks in history, which caused extreme disruptions to the health care system in Newfoundland and Labrador (cbc). This attack, like many other attacks on hospitals, are ransomware attacks, where malicious actors take health data hostage, encrypt it, and then only release the encryption key if a ransom is paid. These attacks have costed Canada millions of dollars; the Communications Security Establishment (CSE) estimates that the average cost of a data breach is $6.35-million (globe and mail). The attacks have also caused a massive disruption in health care faculties during the pandemic (cbc).
Canada’s preparedness strategy
Canada has outlined its National Cyber Security Strategy on its website, which includes a multifaceted approach to prevention and preparedness. However, this not mean that Canadians are necessarily well protected. According to the financial post, more than half of Canadian businesses rarely or never conduct cyber penetration tests. The Canadian government does do stress tests on critical components (driving.ca), however the scope of these tests is not public knowledge as far as I am aware. Additionally, I could not find any public information on international strategies that Canada has developed with other nations to handle major cyberattacks.
Should Canada follow the EU’s steps in joint preparedness?
As cyberattacks are becoming more and more prevalent, I believe that creating frameworks to handle major cyberattacks will become necessary. The EU is taking an important step in determining the best ways to not only prevent these attacks, but also how to mitigate the damage when they do occur. I believe that these frameworks need to be international, but also interprovincial for Canada. With how linked all of our government systems are, a single-entry point could cause massive damage, as we saw in the Newfoundland-Labrador hospital attack. While prevention is clearly the most efficient option, being prepared to mitigate the damage is also an extremely important thing to consider.
References
https://www.infosecurity-magazine.com/news/eu-supply-chain-attack-simulation/
https://www.cnn.com/2021/06/10/tech/europe-cyberattacks-ransomware-cmd-intl/index.html
https://www.cbc.ca/news/canada/newfoundland-labrador/nl-cyber-attack-worst-canada-1.6236210
https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/index-en.aspx
https://driving.ca/car-culture/auto-tech/can-canada-fend-off-a-colonial-pipeline-like-cyberattack
Hi,
I also agree with the statement saying that being prepared to mitigate the damage when being attack by a cyber attack. I have heard when business are attacked by cyeber attacks, they lose alot of money as well as their data being stolen which customer’s financial and personal informations can also be taken. Since rates of cyber attacks happening are keep rising as days go by, preparing a backup plan as well as mitigating wouldn’t be such a bad idea!
Interesting blog post!
I agree with creating such a framework to handle and prevent cyberattacks to avoid the loss of money and sensitive/valuable data from attacks. As mentioned in this blog, there has been an increase in cyberattacks, which we can expect to see more of as technology around us evolves and becomes more powerful and accessible. Stress testing cyber security would be great practice for businesses, preparing themselves to efficiently tackle and find solutions to cyber attacks. Businesses that stress test their cyber security would be able to stress less about their company’s safety as they would be more prepared since we can assume the cost of recovering from an attack would be much higher than the cost of preparing and preventing one. Also, to mention, businesses and organizations that have been victims of cyberattacks have seen their reputations suffer as their users’ or customers’ information has been compromised. Which would result in the loss of customers as they would find the company untrustworthy.
This is an excellent essay. It’s fascinating to watch how the global epidemic has resulted in a large rise in the number of these attacks. These data breaches have monetary implications and a negative impact on a company’s reputation. But the real question is how do corporations protect themselves from large-scale attacks, and are there ways to predict them? Educating employees, encrypting data, and backing up data are just a few of the fundamental safeguards. Because the bulk of cyber-attacks involves information from employees who accidentally gave it away, businesses must raise cyber security awareness.
This was a great topic to post upon. With cyber attacks being on the rise I think it is of utmost importance to mitigate and defend against them. Many of these cyber attacks aim to steal personal/private information that can result in dangers to the business or a business consumers. With that being said business’ should be taking cyber attacks seriously.
Hey, this was a great post. I recently wrote on cyberwarfare; however, my post did not cover as much as your post on protection against cyber attacks. Your post really helped me think about alot of stuff on how cyber attack can be prevented. I believe that if these strategies are implemented on a federal level, it would help avert many cyber attacks globally and give additional protection to its citizens.
This is an excellent post! The point of view here towards cyber threats is quite different from traditional approaches and rightly so. I agree with you that it is equally significant to mitigate as it is to prevent. Modern day softwares provide connectivity all over the world so deploying the right security measure that is distributed over the network is important but at the same time, a single point of failure can cause entire destruction in the sense that the “malware” can penetrate across networks and affect multiple regions. Hence, it is important for countries to understand their own liability when it comes to multinational conglomerates and ensure relationships are established for their own people’s safety as well as providing support mitigate treats originating elsewhere. Your examples and statistics are good and bring about the necessary awareness. I believe Canada will take steps in future to develop the right strategies and relations as it is something that’s starting to become mandatory rather than obligatory.
It’s intriguing to see how the global epidemic has resulted in a significant increase in the number of attacks. These data breaches have financial consequences as well as a bad influence on a company’s brand. But the main question is: how do businesses protect themselves against large-scale attacks, and can they be predicted? Employee education, data encryption, and data backup are just a few of the basic precautions. Businesses must enhance cyber security awareness because the majority of cyber-attacks include information from employees who have inadvertently given it away.