Solving Canada’s security holes with the Malware Map of Canada

January 31, 20184 Minute Read

It’s no secret that 2017 has been a pretty rough year for cyber defence specialists everywhere. During the first half of the year, more data was breached than in all of 2016 combined—and breaches aren’t the only type of attack affecting the business world today. From malicious ransomware to viruses designed to brick entire machines, cybersecurity threats to businesses everywhere are growing.

See for yourself: If you look at the most recent Malware Map of Canada, the dangers aren’t remotely evenly distributed. From password encryption to printer security, the map highlights some scary vulnerabilities—and it’s time for businesses to get their cybersecurity in check. Know the threats, and you’ll be able to protect your business from the worst of what’s out there. And unless you’ve been living under a rock, you know that means WannaCry-level breaches.

Navigate Canada’s malware hotspots

If you’ve never seen the map before, here’s some background info: It shows the distribution of cyber attacks throughout the country. From what we can see, a lot of it’s concentrated near major metropolitan areas. Predictable, yes, but the country’s largest cities were hit hardest.

Even though the overall number of malware attacks declined during the summer of 2017, the number of ransomware attacks spiked by a whopping 23 percent. It’s official: Ransomware is the most rapidly growing category of attack. But the reality is that most of these attacks were launched without any specific idea of where the target was located, and simply cluster near cities due to Canada’s highly concentrated population.

What have we learned from this? Malware activity generally doesn’t follow centres of population, it follows centres of information—and information is a big moneymaker. Thanks to the map, we can see that the most threatened cities tend to be Vancouver, Toronto, and, despite its relatively small size, Ottawa. The Canadian capital has carried a much higher-than-average rate of malware attacks over the past few months—980 percent higher than average, to be exact. If you’re wondering what that means, let us explain: The value of data can be completely unrelated to the net worth of the entity from which it was stolen.

Don’t panic, but you’re on your own

The Government of Canada is one of the most targeted recipients of cyber attacks in the world, which is a pretty big problem: It’s the first line of defence for the country’s larger business and civilian infrastructures. The Cyber Security Cooperation Program is still moving along, and it’ll continue to hand out grants to cybersecurity operators until 2019. But for the most part, Ottawa’s contribution right now is to focus on its own needs and build up its own capabilities.

That’s exactly how Canada is supposed to behave in the final years of its Cyber Security Strategy, which was created to bring the country’s cybersecurity infrastructure up to speed. Going forward, the Canadian federal and provincial governments will try to help boost the overall level of data privacy and security in business. But for now, even the country’s largest and most economically important corporations have been thrown to the wolves, and they’ll have to design a security regime essentially on their own.

Strike back at cyber attacks

It’s not glamourous, but it’s true: The most important security practices are the oldest, simplest, and most annoying to keep in place. That means you’ll need to make sure your software is updated with the latest security and stability patches, and, while you’re at it, enforce best practices on employees so they don’t undermine all your hard work. From wireless access points to USB ports, there are countless points of entry for attackers. If you want to kick your security up a notch, you’ll need defensive measures that span network security, device protection via dedicated printer security suites, and even physical alarm systems throughout the office itself.

One more measure: Have you tried collecting defensive intelligence? Try out some software that helps log and analyze network activity so your IT team is alerted to even harmless investigatory moves by potential attackers. If you start using more advanced techniques like honeypots—fake areas of the network designed to entice attackers and trigger internal alarms—it’s possible to build a profile of the attack types your business is most likely to suffer, and defend against them as strategically (and powerfully) as possible.

It’s all part of an ongoing war between criminal hackers and the manufacturers of office devices and services. Device manufacturers are actually winning most of the battles, patching the biggest vulnerabilities before they hit the world’s networks. But if you’re not keeping your installations up to date, you’re regularly undermining their efforts. So kick the lax security practices, and the world’s network and device security companies could win every battle.

Even if your company isn’t situated in one of the hotspots shown on the map, it’s important to stay as secure as possible. After all, it’s not just your business’s security that’s at stake—it’s the defensive abilities of the country at large.

Gary Hilson October 31, 2018 4 Minute Read

5 ways to prepare for PIPEDA’s updates

PIPEDA's getting an update, and it looks a whole lot like GDPR. Here are five best practices that will help you stay compliant.

Stephanie Vozza October 29, 2018 4 Minute Read

Brush up on these 4 fundamentals for Cybersecurity Awareness Month

From employee training to shoring up endpoints and passwords, get primed for Cybersecurity Awareness Month with these four security and privacy tips.

Graham Templeton September 26, 2018 4 Minute Read

Prepare for PIPEDA with better device security and data privacy

Complying with PIPEDA's new privacy amendments requires diligence in everything from internal processes to device security.