Canadian public and private networks are threatened with cyberattacks almost daily. Government entities and critical infrastructure make desirable targets for cybercriminals, who have targeted Canada’s health sector in Newfoundland and Labrador as well as utility providers. Globally, high-profile incidents with Colonial Pipeline, SolarWinds Orion, and JBS Foods demonstrate the vulnerability of critical systems.
The havoc these malicious activities cause has real-world consequences. In Canada and worldwide, cyberattacks can interrupt essential services, cause significant reputational damage, and result in high remediation costs. The public sector must be extra vigilant, as it bears responsibility for critical systems and sensitive data. Ensuring government systems and services remain secure requires a defensive and proactive approach.
The ever-expanding threat landscape
Cyberattacks can come from anywhere. The current geopolitical environment provides extra reasons for security teams to be on high alert, as even unlikely targets can find themselves in the crosshairs of ongoing nation-state conflicts. When Ukraine was hit with a Kremlin-backed NotPetya attack, it rapidly spread across the globe and became one of the most costly and destructive attacks to date. More recently, Russian cyber threat activity also targeted organizations in Canada, the United Kingdom, and the United States involved in COVID-19 response and recovery efforts.
The COVID-19 pandemic has increased risk as security teams scrambled to adapt to a remote work model. The resulting expanded networks created new risks and emboldened attackers, both nation-states and cybercriminals.
Cybercriminals are also becoming more sophisticated, taking cues from nation-state bad actors. They now use the same types of tactics and are better funded and resourced. Ransomware has now evolved into a ransomware-as-a-service business, and the threat has intensified. Some ransomware not only locks organizations out but can also delete data by acting like wiperware. Cybercriminals may also choose to sell an organization’s data, causing further damage and reputational loss.
Strategies for the public sector
Increasing threats are of particular concern for the public sector, as they are the keepers of the critical systems Canadians depend on. Cybersecurity must take a lead role, especially with operational technologies in infrastructure, as their interconnected nature makes them more vulnerable to cascading failures that can impact whole sectors and regions. Faced with more threat actors and more sophisticated attacks, public sector organizations and critical infrastructure projects must pursue defensive and proactive security strategies. They can improve their odds against cybercriminals by focusing on a few key areas:
Plan for the worst: Invest in crisis scenario planning before the crisis hits. Whether an organization works with its internal team or brings in external counsel to expand incident response capabilities, structured discussions with leadership and simple exercises can positively impact response times.
Find allies: In Canada, organizations can leverage resources through the Canadian Centre for Cyber Security (Cyber Centre) and report attacks via the Canadian Cyber Incident Response Centre (CCIRC). The RCMP National Cybercrime Coordination Unit and the CSIS Cyber Operations branch investigate threats. Since law enforcement faces under-reporting challenges, developing relationships within a broader cybersecurity network and sharing threat information can help mitigate risks for everyone.
Understand the landscape: Organizations can help protect themselves by considering an investment in real-time cyber threat intelligence. By taking advantage of external experts, they can ensure they are aware of the latest global threats – and understand what to do with that intelligence to protect their networks better.
Invest in deception: Public sector organizations should consider implementing deception technology, a proactive security solution designed to deceive, expose and eliminate external and internal threats early in the attack kill chain. These tools can serve as an early warning system by detecting an attacker’s activity and lateral movement within a decoy network.
Practice good digital hygiene: Maintaining the basics is always a best practice. Timely offline backups and routine software patching are ways organizations can easily protect their assets. The use of multifactor authentication is now considered table stakes, and more organizations are adopting zero trust architectures to ensure they know who is accessing what within their network environment at all times.
Consider interoperability: Instead of seeing interoperability as a risk, consider it a potential strength. As everything – including infrastructure – gets “smarter,” disparate infrastructures will need to talk to each other so that in the event of an attack, responses can be coordinated.
Think long term: Organizations must consider the long-term implications of IT and security purchases. Opt for software-based solutions, such as software-defined wide-area networks (SD-WAN) and cloud solutions. These software-based approaches are typically easier and less expensive to update or upgrade, saving precious resources and time.
For the public service sector, maintaining and improving cybersecurity is critical to the confidentiality, integrity, and availability of critical services. Our world is becoming more digitized and interconnected, while bad actors have become more plentiful and sophisticated. Defending against a myriad of threats, including ransomware, cyber-espionage, foreign interference, and disruptive attacks, makes it harder for security teams to maintain the perimeter. Staying one step ahead will require organizations to develop smart, forward-looking defensive and proactive strategies.