Canadian companies threatened by Russian cyberattacks in retaliation for sanctions

TORONTO — Canadian businesses risk being the target of online attacks if Russia chooses to retaliate against government sanctions, a cybersecurity expert said Friday.

TORONTO — Canadian businesses risk being the target of online attacks if Russia chooses to retaliate against government sanctions, a cybersecurity expert said Friday.

Karim Hijazi, founder and CEO of Texas-based cyberintelligence firm Prevailion, said Canadian companies could fall victim to bad actors trying to compromise critical infrastructure and government entities.

That might be the most likely approach because government, critical infrastructure and the private sector are so intertwined and easy to access, Hijazi said.

“They’re going to use that connectivity to get where they need to get to,” he said of potential Russian actions.

Hijazi also noted that the malware that Russia would activate is already in Canada.

“They’ve already installed the plumbing they need to do the damage,” he said.

A spokesperson for the Communications Security Establishment (CSE) said in an email that the federal agency monitors cyber threats targeting the finance, energy and telecommunications sectors.

CSE encourages all critical infrastructure sectors in Canada to monitor increased cyber threat activity.

Many companies have been vigilant and prepared for potential cyber threats from Russia, according to Bob Gordon, strategic adviser to the Canadian Cyber ​​Threat Exchange (CCTX), created for private and public sector organizations to collaborate and cooperate on cybersecurity risks and challenges.

“We had discussions about this with our members for weeks starting in January, when there were many indications of cyberattacks,” he said in an interview.

Cyberattacks have exploded since the COVID-19 pandemic caused an increase in online societal activity. A ransomware incident crippled the US-based Colonial Pipeline Company in May 2021, while more recent Canada-specific events include visits to Newfoundland and Labrador healthcare networks and the Toronto Transit Committee.

Concerns about Canada’s ability to manage and prevent these types of attacks have grown, even as companies have invested heavily in their cybersecurity systems, Gordon said.

A survey conducted by the Canadian Internet Registration Authority last summer found that the private sector is not moving fast enough when it comes to investing in cybersecurity.

The federal government launched a cybersecurity innovation program last May with an investment of $80 million over four years.

This report from The Canadian Press was first published on February 25, 2022.

Adena Ali, The Canadian Press