Over two-thirds of Canadian execs view cybercrime as biggest threat
Over two-thirds of Canadian executives think cybercrime is their companies’ most significant threat, according to PwC’s Canadian Cyber Threat Intelligence Annual Report.
Eleven percent of Canadian CEOs told the consulting firm they think their company will be either highly or extremely exposed to cyber risks over the next 12 months.
Businesses and governments are wrestling with how to boost resilience in a shifting threat landscape driven by increasing geopolitical tensions, fluctuating economic conditions, and rapid digitization.
According to data from IT security firm Check Point Software, Canada saw a 20% increase in cyberattacks. This is much lower than the 52% rise for North America – with the US attracting significantly more growth in attacks because of a concentration of high-value targets and its situation as a prime recipient for state-sponsored attacks from geopolitical adversaries Russia, China, Iran, and North Korea.
The above adversaries are targeting not only government assets, but also critical infrastructure and key industries. Threat actors will also increasingly search for vulnerabilities in internet of things (IoT) to disrupt business operations, public safety, and national security.
On the Canadian side, Global Affairs Canada experienced a multi-day cyber incident in January 2022 following a commitment to support Ukraine’s sovereignty. The overwhelming likelihood is the attack was committed by Russian state-sponsored hackers.
Acceleration of digitization in the pandemic era is also helping drive growth in cyber events. During 2022, there was a steady increase in business email compromise attacks and phishing attacks,
Ransomware continued to be the most prominent cyber threat to Canadian organizations in 2022, with other top threats being state-sponsored actors, geopolitical targeting, supply chain attacks, phishing, cloud weaknesses, and distributed denial-of-service (DDoS).
The most targeted industries in Canada, according to PwC, were services (20%), manufacturing (16%), and public sector (10%).
Artificial intelligence is the new battleground for cyber threats, with threat actors utilizing AI tools to enhance their attack strategies and seeking out vulnerabilities in hastily adopted generative AI platforms. Firms will have to put in effective controls to secure their organization, but AI also has defensive applications.
“Even as threat actors look to use new technological innovations and AI to enhance their cyberattack capabilities, AI can be used to enable organizations to quickly detect and mitigate potential threats,” said Umang Handa, partner, national cybersecurity managed services leader, PwC Canada. “In 2023 and beyond, organizations will need to embrace a more holistic approach to cyber security to manage the complexity of the rapidly evolving cyber threat landscape.”