More than half of cyber attacks in Canada last year were ransomware attacks: study

There is an unabated increase in the velocity of growth in cyber-attacks, says Blakes partner

More than half of cyber attacks in Canada last year were ransomware attacks: study
Sunny Handa, partner at Blakes

The number and severity of cyber-attacks increased significantly in 2021, so organizations must heighten vigilance and improve awareness at all levels, according to a new study by Blake, Cassels & Graydon LLP. The firm’s third annual Canadian Cybersecurity Trends Study reports that 55 per cent of cyber-attacks last year were ransomware attacks.

“It’s not just the frequency, but the complexity of attacks, the techniques that are being layered on, the quantum of the ransoms and in the business email compromise world, it’s the amount that is being defrauded,” says Sunny Handa, a partner at Blakes. “All those things are continuously increasing.”

Ransomware attacks generate considerable money for the perpetrators and are fairly easy to implement, Handa says, so it is unsurprising that they have become so prevalent.

The report also found that ransom payments continue to rise, with 25 per cent of ransom payments now exceeding US$1-million. Attackers are targeting a wide range of industries across Canada, with 50 per cent of cybersecurity attacks occurring in Ontario.

In approximately 40 percent of cyber-attacks, corporate data and personal information of an organization’s employees was accessed and/or exfiltrated. The report recommends that organizations undertake a data mapping exercise in which they identify their crown jewels, sensitive corporate information and any personal information they hold, and then implement appropriate safeguards such as encrypting, restricting access or password-protecting more sensitive information.

Handa is not surprised by the report’s finding that 83 per cent of companies hit by a cybersecurity attack did not report it to law enforcement.

“Law enforcement is getting better at this, so I think those numbers will change,” he says. “It is difficult for them to find the hackers because they are generally overseas. I think what needs to happen is a better relationship between breach coaches and law enforcement so that everyone has a clearer understanding of who is doing what in the middle of a breach.”

Software vulnerabilities are becoming an increasing root cause of cybersecurity incidents, with 34 percent now caused by unpatched software vulnerabilities, according to the report. Attackers can exploit vulnerabilities in programs used by organizations to gain access to their environment and carry out the attack. In nearly half of cybersecurity incidents (49%), the attacker was able to exfiltrate data, meaning it was able to remove data from the organization’s environment and store it on a computer system that it controls.

To help mitigate this risk, it is important to ensure critical security updates are patched quickly, the report states, and to provide ongoing cybersecurity training to the employees.

Handa reminds legal departments that cybersecurity is an enterprise risk, not an IT issue.

“Anyone who thinks this gets fixed in the IT department is not getting it at this point,” he says. “This needs to start off at the board level or senior management suite level. They are going to need to take this seriously, and allocate resources and financial budget – but the costs are much much higher in an attack.”

In the event of a cyber attack, Handa advises organizations to contact the right professionals such as a breach coach and insurance company.

“Don’t unplug your systems, especially if there is an encryption process happening, as you could irrevocably lose your encrypted files,” he adds.

Recent articles & video

DLA Piper introduces investment funds partner group

Cooley announces next CEO

Law Society of Alberta hangs up on the Lawyer Referral Service

Calling 911 about an overdose cannot result in drug possession arrest, finds SK appeal court

Helping advocates excel from the outset: The Advocates' Society's CEO Vicki White

Field Law Community Fund Program opens to applicants

Most Read Articles

Recent BC case highlights personal injury law's major shift under no-fault auto insurance: lawyer

ESG, AI, oh my: new trends causing anxiety for lawyers

Federation of Law Societies challenges mandatory reporting obligations under the Income Tax Act

Businesses want more clarity on Quebec privacy law's requirements: Gowling WLG survey