The recently released Canadian Cyber Threat Intelligence Annual Report shows how the Canadian cyber threat landscape has shifted radically in the last year. Changes to the threat landscape have been further fuelled by increasing geopolitical tensions, fluctuating economic conditions and rapid digitization in the wake of the pandemic.
Eleven per cent of Canadian CEOs now believe their company will be either highly or extremely exposed to cyber risks over the next 12 months with that number increasing to 18% over the next 5 years.
As governments and businesses grapple with how to enhance their resilience in the face of this growing risk, criminals are embracing artificial intelligence (AI) and other innovations to enhance their strategies and launch increasingly complex and sophisticated cyber attacks.
Highlighted in the report are the top cyber threats in the past year which include sophisticated attacks such as ransomware, supply chain disruptions, phishing attempts, and exploitation of vulnerabilities and gaps in cloud computing and solutions which have led to tremendous financial losses for some Canadian organizations.
“Even as criminals look to use new technological innovations and AI to enhance their cyberattack capabilities, AI can be used to enable organizations to quickly detect and combat potential threats,” says Umang Handa, Partner, National Cybersecurity Managed Services Leader, PwC Canada.
“In 2023 and beyond, organizations will need to embrace a more holistic approach to cyber security to manage the complexity of the rapidly evolving cyber threat landscape.”
Over the next year, these five key trends will influence the Canadian threat environment:
- AI will reshape the cyber threat landscape
- Last year saw rapid developments in AI-powered cyberattacks. Mainstream developments, such as generative AI platforms and solutions, could become targets in 2023 and beyond. Organizations will need to embrace these platforms and Generative AI driven tech, but also put in place the right controls, in order to secure the organization.
-
- Last year saw rapid developments in AI-powered cyberattacks. Mainstream developments, such as generative AI platforms and solutions, could become targets in 2023 and beyond. Organizations will need to embrace these platforms and Generative AI driven tech, but also put in place the right controls, in order to secure the organization.
- We will see a surge in the sophistication of ransomware operators
- Ransomware will be one of the most critical cyber threats to Canadian organizations. It is expected that ransomware operators will use increasingly sophisticated strategies to disrupt organizations and drive larger ransom demands.
- Ransomware will be one of the most critical cyber threats to Canadian organizations. It is expected that ransomware operators will use increasingly sophisticated strategies to disrupt organizations and drive larger ransom demands.
- Data breaches will remain a key threat, particularly third-party breaches
- In 2023 and beyond, data breaches will likely continue to be a big threat for Canadian organizations—particularly breaches that are the result of third-party compromise. Organizations will need to consider security risks associated with supply chain partners and other third parties.
- In 2023 and beyond, data breaches will likely continue to be a big threat for Canadian organizations—particularly breaches that are the result of third-party compromise. Organizations will need to consider security risks associated with supply chain partners and other third parties.
- Geopolitical tensions may drive additional cyber threat activity
- Ongoing conflict and tension between nation states will raise cyber risk levels and drive an increasing number of cyberattacks. The targets of these attacks won’t necessarily be limited to opposing governments—organizations operating in critical infrastructure and key industries could also find themselves at risk.
- Ongoing conflict and tension between nation states will raise cyber risk levels and drive an increasing number of cyberattacks. The targets of these attacks won’t necessarily be limited to opposing governments—organizations operating in critical infrastructure and key industries could also find themselves at risk.
- Threats focused on IoT and OT devices will increase quickly
- The power that Internet-of-Things (IoT) and operational technology (OT) devices offer, make them a target for criminals looking to disrupt business operations, public safety and national security.
As criminals gain access to more sophisticated malware tools and technologies at minimum cost, cyberattacks are expected to become more targeted and potentially more damaging. Companies will need to have timely intelligence to understand emerging threats and reduce the risk by staying ahead of cyber attackers.
Image by Tumisu from Pixabay