Cybersecurity threats confronting Canadian organizations continue to grow in volume, sophistication, and cost. As reported by Canadian Security, a 2020 survey of 251 Canadian CIOs, CTOs, and CISOs found that the volume of digital attacks had increased for all but one percent of survey participants in the past 12 months. All respondents said that their organization had suffered a security breach during that same span of time, however, with 86% of the leaders indicating that the digital attacks their organizations were facing had become more sophisticated. Simultaneously, Yahoo Finance Canada wrote that the average cost of a data breach in Canada had risen 6.7% since 2019 to $6.35 million, making it even more difficult for Canadian organizations to recover from those security incidents that they had suffered.
These findings illuminate the extent to which digital attackers threaten Canadian organizations and the consumers they serve. The Canadian Centre for Cyber Security is aware of this fact, which is why it released the National Cyber Threat Assessment for 2020. Based upon the Cyber Centre’s unified approach to cybersecurity, this report provides policymakers, business leaders, and individual Canadians with the information they need to counter the cyber threats discussed above.
Putting Technological Change into Perspective
In its report, the Canadian Centre for Cyber Security explains that technology is changing society. Many organizations are moving their services in order to optimize their efficiency and productivity while undergoing a digital transformation. Such a shift had already affected the everyday lives of Canadians leading up to 2020. But then the pandemic hit, and Canadians joined the rest of the world in spending even more of their waking lives online.
That raises an important question: is the impact of COVID-19 temporary, or will the pandemic leave a lasting impression on life as we know it? Technologies such as Artificial Intelligence (AI), the Internet of Things (IoT), the Industrial Internet of Things (IIoT), and cloud computing are expected to inspire new ranges of personal, commercial, and industrial activities. When combined with the rollout of 5G global wireless telecommunications, these developments could ultimately change Canadians’ lives even further.
Not all of those changes might be positive, however. As explained by the Cyber Centre:
The safety of Canadians depends on critical infrastructure (e.g., energy, water), as well as consumer and medical goods (e.g., cars, home security systems, pacemakers, etc.), many of which are controlled by computers embedded within them. Increasingly, these computers are being connected to the Internet by their manufacturers, sometimes unbeknownst to consumers, to enable new features or provide data to a third party. However, once connected, these infrastructure and goods are susceptible to cyber threat activity, and maintaining their security requires investments over time from manufacturers and owners that can be difficult to sustain.
That’s especially the case for the convergence of Information Technology (IT) and Operational Technology (OT). Indeed, many organizations are looking to IT to provide real-time data into their OT, information which they can use to optimize their physical processes and to perform preventative maintenance in the name of minimizing downtime. But in doing so, they’re overlooking the fact that many of their OT are legacy systems that were never designed with today’s digital threats in mind. Merging these two worlds subsequently creates a host of security challenges, as we explain here on this website.
The IT-OT convergence isn’t the only development that poses a threat to Canada’s critical infrastructure organizations. There’s also the issue of supply chain security. As events in 2020 demonstrated, malicious actors are capable of compromising the distribution systems of trusted solutions providers and using the resulting access to distribute malicious code to potentially thousands of customers, including government agencies, security firms, and organizations responsible for managing physical processes. Such supply chain attacks lay the groundwork for nefarious individuals to target organizations and their industrial processes in the future.
How to Defend against These Digital Threats
The Canadian Centre for Cyber Security explains that industrial organizations can mitigate the digital threats discussed above by cultivating their security awareness and implementing cybersecurity best practices.
ORIGNIX is in a position to help industrial organizations do exactly that. Its cyber Process Risk Analysis (cyberPRA) methodology identifies potential gaps, hazards, vulnerabilities, and independent protection layers associated with engineered industrial processes at plant facilities. A key part of cyberPRA is using the cyber Hazard and Operability (cyberHAZOP) component to help clients systematically identify and qualify the risks on their cyber-physical systems’ (CPS) availability and reliability.
Once it creates that awareness of risk, ORIGNIX uses its cyber Operations Resilience Management (cyberORM) system framework to help customers fast-track and achieve the desired functional and strategic risk tolerance level of their CPS. Its methods are based on recognized and generally accepted good engineering practices (RAGAGEP) along with security best practices, including internationally recognized industry standards ISO 27001/2, ISA/IEC 62443, ISA/IEC 61511, and NIST 800-82.
For more information, click here.
Authors note: This blog was co-authored between Saif Shariff and David Bisson.
