More than half of cyber attacks in Canada last year were ransomware attacks: study

There is an unabated increase in the velocity of growth in cyber-attacks, says Blakes partner

More than half of cyber attacks in Canada last year were ransomware attacks: study
Sunny Handa, partner at Blakes

The number and severity of cyber-attacks increased significantly in 2021, so organizations must heighten vigilance and improve awareness at all levels, according to a new study by Blake, Cassels & Graydon LLP. The firm’s third annual Canadian Cybersecurity Trends Study reports that 55 per cent of cyber-attacks last year were ransomware attacks.

“It’s not just the frequency, but the complexity of attacks, the techniques that are being layered on, the quantum of the ransoms and in the business email compromise world, it’s the amount that is being defrauded,” says Sunny Handa, a partner at Blakes. “All those things are continuously increasing.”

Ransomware attacks generate considerable money for the perpetrators and are fairly easy to implement, Handa says, so it is unsurprising that they have become so prevalent.

The report also found that ransom payments continue to rise, with 25 per cent of ransom payments now exceeding US$1-million. Attackers are targeting a wide range of industries across Canada, with 50 per cent of cybersecurity attacks occurring in Ontario.

In approximately 40 percent of cyber-attacks, corporate data and personal information of an organization’s employees was accessed and/or exfiltrated. The report recommends that organizations undertake a data mapping exercise in which they identify their crown jewels, sensitive corporate information and any personal information they hold, and then implement appropriate safeguards such as encrypting, restricting access or password-protecting more sensitive information.

Handa is not surprised by the report’s finding that 83 per cent of companies hit by a cybersecurity attack did not report it to law enforcement.

“Law enforcement is getting better at this, so I think those numbers will change,” he says. “It is difficult for them to find the hackers because they are generally overseas. I think what needs to happen is a better relationship between breach coaches and law enforcement so that everyone has a clearer understanding of who is doing what in the middle of a breach.”

Software vulnerabilities are becoming an increasing root cause of cybersecurity incidents, with 34 percent now caused by unpatched software vulnerabilities, according to the report. Attackers can exploit vulnerabilities in programs used by organizations to gain access to their environment and carry out the attack. In nearly half of cybersecurity incidents (49%), the attacker was able to exfiltrate data, meaning it was able to remove data from the organization’s environment and store it on a computer system that it controls.

To help mitigate this risk, it is important to ensure critical security updates are patched quickly, the report states, and to provide ongoing cybersecurity training to the employees.

Handa reminds legal departments that cybersecurity is an enterprise risk, not an IT issue.

“Anyone who thinks this gets fixed in the IT department is not getting it at this point,” he says. “This needs to start off at the board level or senior management suite level. They are going to need to take this seriously, and allocate resources and financial budget – but the costs are much much higher in an attack.”

In the event of a cyber attack, Handa advises organizations to contact the right professionals such as a breach coach and insurance company.

“Don’t unplug your systems, especially if there is an encryption process happening, as you could irrevocably lose your encrypted files,” he adds.

Recent articles & video

Vienna Kang Advocates executive slams CBA's decision to strike

Research report reveals legal problems faced by transgender, two-spirit, non-binary people in Canada

Allens, Linklaters help Ontario Teachers snag controlling stake in TowerCo

What tactics do successful lawyers use to win the toughest lawsuits?

Former Japan FTC secretary general joins Baker McKenzie

WeirFoulds LLP partner in Caribbean practice group wins anti-LGBTQ challenge in Antigua and Barbuda

Most Read Articles

Coquitlam family law lawyer named in Superbad enjoys his name becoming a meme

Alleged Norval Morisseau forgery leads to 9-year defamation and harassment campaign against lawyer

SCC denies leave to challenge of Alberta law prohibiting ‘essential infrastructure’ protests

WeirFoulds LLP partner in Caribbean practice group wins anti-LGBTQ challenge in Antigua and Barbuda