The COVID-19 pandemic forced a massive transition to remote work, which according to Microsoft Canada’s National Security Officer John Hewie, it was also “a gift for cyber criminals.” Speaking at the Public Policy Forum’s Canada Growth Summit 2022, Hewie noted that malicious acts were easily carried out as organizations rapidly adopted new tech tools and employees worked from personal devices. Meanwhile, concerns over the public health crisis increased our vulnerability and opened us up to threats and spoofs, disguised as pandemic-related information.

The types of cyber threats over the past couple of years included the recent crippling of Sunwing Airlines operations due to a data breach and the cyberattack on Newfoundland and Labrador’s health care system. Those carrying out these threats are primarily:

  1. Nation State Actors – this includes Russia, China, Iran and North Korea that carry out attacks leaving billions of dollars in damage. Observations from the war in Ukraine have highlighted how Russian cyber-attacks further impact civilians in conflict.
  2. Organized Cyber Criminals – these have varying capabilities. They function in a professional capacity within a parallel illicit economy, making hundreds of billions of dollars and operating out of countries where the risk of prosecution is minimal. Some act in collaboration with nation states.
  3. Private Sector Offensive Actors – these are companies that build spyware to spy on citizens. Citizen Lab at the Munk School for Global Affairs and Public Policy is engaged in some excellent interdisciplinary work to bring details about these actors into the open.

Learning from cyber incidents and responding to cybercrime requires full participation from governments, tech companies, the private sector, academia and individuals.

Developing and agreeing to norms of behaviour for nation states and for technology companies (the Tech Accord is an excellent example) is essential to international deterrence and resiliency building. While it may have been perceived as a bold statement in 2017, the notion of a Digital Geneva Convention is now under serious consideration.

To counter and stop cyber threats, organizations must foster a culture of security. Two easy cyber hygiene steps are: to keep systems up to date, and to implement multifactor authentication. According to Hewie, “95% of attacks would be stopped by enabling multifactor authentication and right now only 22% of Microsoft customers have this turned on.”

Fostering a culture of security also requires leading with empathy. Ongoing security training for staff is essential. Equally, Hewie advises that “these are professional attack groups, and humans aren’t going to be perfect, so making a space for employees to feel comfortable to report is important.”

Thumbnail of the YouTube player of the "The Growing Threat of Cybercrime and Protecting the Cybersecurity of the Planet" video.
Video. The Growing Threat of Cybercrime and Protecting the Cybersecurity of the Planet (external link). Screenshot of the Public Forum Policy video. Copyrights Public Forum Policy – YouTube