Canadian companies at risk from Russia cyberattacks in retaliation from sanctions

Adena Ali, The Canadian Press
Published Friday, February 25, 2022 9:45PM EST
Last Updated Friday, February 25, 2022 9:45PM EST

TORONTO – Canadian businesses are at risk of being targeted for online attacks if Russia chooses to retaliate against government sanctions, a cybersecurity expert said Friday.

Karim Hijazi, founder and CEO of Texas-based cyberintelligence firm Prevailion, said that Canadian companies could be victims of bad actors trying to compromise critical infrastructure and government entities.

This could be the likely approach because government, critical infrastructure and the private sector are so intertwined and subject to easy access, Hijazi said.

“They’re going to use that connectivity to get where they need to get,” he said of potential Russian actions.

Hijazi also noted that malware Russia would activate is already in Canada.

“They’ve already installed the plumbing they need to do the damage,” he said.

A spokesperson from the Communications Security Establishment (CSE) said in an email that the federal government agency is watching for cyberthreats directed at financial, energy and telecommunications sectors.

The CSE encourages all of Canada’s critical infrastructure sectors to monitor increased cyberthreat activity.

Many businesses have been vigilant and preparing for potential cyberthreats from Russia, according to Bob Gordon, strategic adviser with the Canadian Cyber Threat Exchange (CCTX), created so private and public sector organizations collaborate and co-operate on cybersecurity risks and challenges.

“We’ve been having discussions about this with our members for weeks starting back in January when there were lots of indications of cyberattacks,” he said in an interview.

Cyberattacks have been soaring since the COVID-19 pandemic prompted an increase in societal activity online. A ransomware incident crippled U.S.-based Colonial Pipeline Company in May 2021 while more recent Canada-specific events, include hits on Newfoundland and Labrador’s health-care networks and the Toronto Transit Commission.

Concerns about Canada’s ability to handle and prevent these sorts of attacks have been mounting even though businesses have been investing heavily in their cybersecurity systems, Gordon said.

A survey conducted by the Canadian Internet Registration Authority last summer revealed that the private sector is not moving fast enough when it comes to cybersecurity investment.

The federal government launched a cybersecurity innovation program last May with an investment of $80 million over four years.

This report by The Canadian Press was first published Feb. 25, 2022.