The cyber risk landscape continues to evolve at an alarming rate. Cyber adversaries are leveraging new technologies to innovate powerful malware variants and new hacking techniques. On the other hand, a pervasive cybersecurity talent shortage hampers organizations’ efforts to secure their critical infrastructure and data from attacks. However, companies can mitigate the chronic shortage of knowledgeable cybersecurity professionals by prioritizing talent, expertise, and experience over the traditional hiring practices, including those that require minimum educational qualifications.

E-commerce platforms and sites are hot targets for attacks and breaches since cybercriminals consider them as treasure troves of financial, personal, and business data. Regardless of the business size, a breach of an e-commerce platform can cause huge financial losses by destroying customer trust, lawsuits, and stolen data. eCommerce businesses are mindful of the security issues facing them and have increased spending on security measures. A 2020 VMWare Carbon Black Cybersecurity Outlook Report revealed that 77% of companies included in the study have invested in new security measures, whereas 69% have hired more security personnel.

"For every lock, there is someone trying to pick it, or break it." - David Bernstein

One of the biggest problems with traditional user ID and password login is the need to maintain a password database. Whether encrypted or not, if the database is captured it provides an attacker with a source to verify their guesses at speeds limited only by their hardware resources. Given enough time, a captured password database will fall.

As processing speeds of CPUs increase, brute force attacks have become a real threat. GPGPU cracking can produce more than 500,000,000 passwords per second even on lower end gaming hardware. Depending on the software, it can take as little as 160 seconds to crack a 14-character alphanumeric password. A password database alone does not stand a chance against such methods when it is a real target of interest.

The financial industries of most countries worldwide use emerging innovative technologies to cut down operational costs, enhance customer services, and automate work. For example, organizations in the Canadian financial sector heavily depend on Fintech, the Internet of Things, quantum computing, the cloud, and artificial intelligence, among others, to enable electronic financial transactions and data transfer between payment systems, institutions, vendors, and clients.

However, while these interconnections promise increased efficiency and faster communications, they have become attractive targets in today’s highly sophisticated and rapidly evolving cyber threat landscape. For example, a cyberattack that compromises only one financial organization can potentially spread to external partners, which may ultimately disrupt critical international and national financial systems.

Unsurprisingly, motivations like financial gains from transaction values that amount to billions of dollars daily have seen the financial industry face frequent and complex cyberattacks. For instance, Canada’s population has embraced online banking transactions more and more, with 76% of Canadians preferring mobile devices and online banking for all transactions.

In the past, the real estate industry has been known to be slow in embracing technology. However, this situation is changing. The PwC report on Emerging Trends in Real Estate 2021 found that the COVID-19 pandemic forced the real estate sector to embrace various technology solutions, including virtual open houses, digital payments, collaboration tools, and property technology to enhance business continuity. Likewise, the Emerging Trends in Real Estate 2022 reports that Canadian real estate companies can successfully navigate forces of change through accelerated digitization that plays a significant role in both delivering efficiencies and creating the experiences and services the customers want. The latest report points out construction technology, increased data analytics, and digitizing operations as the key area of focus for the real estate sector in 2022.

Cybercrime has increased exponentially worldwide, mostly due to significant events that lead to a rapidly changing threat landscape. Most nations have seen increased cyber threats across sectors due to significant incidents ranging from the COVID-19 pandemic to the Russia-Ukraine conflict, with the retail industry bearing the brunt of the attacks. In Canada, for instance, at least three out of ten companies have reported a spike in attacks, and 80% of businesses fell victim to phishing attacks. Also, 25% of Canadian organizations have reported data breaches that target sensitive employee and customer data.

In addition, Canadian organizations in the retail industry have suffered numerous attacks in the recent past. For example, JBS, one of the largest global, suffered a devastating ransomware attack in 2021 that saw it shut down operations in Canada, the US, and Australia, resulting in a loss of more than $11 million. Also, an unauthorized party compromised the user credentials of the Canada Revenue Agency, resulting in more than 800,000 taxpayers being unable to access their accounts. Whether you look at cybersecurity in Montreal, Toronto, or any other Canadian city, the statistics show that cybercrime is getting worse, and the retail industry suffers innumerable damage.

The COVID-19 pandemic caused many companies to adopt remote working strategies in line with social distancing and isolation regulations implemented to combat its spread. As of March 2021, approximately five million Canadian workers, or 20% of Canadian employees, were working from home. In contrast, only 4% of employees worked remotely in 2016. Now, most COVID restrictions have been lifted, but many companies have allowed their workforce to continue working remotely. A 2021 study found that only 9% of Canadian workers expressed interest in working from the office fully, 15% wanted to work from home all the time, while 40.8% of workers suggested a hybrid working model.  

The Canadian Government has joined other countries in toughening sanctions against Russia amid the ongoing Russia-Ukraine conflict. However, Russia has insisted it will retaliate against countries that meddle in the conflict, placing the Canadian Government as a potential target of Russian-sponsored attacks.

Other than Russian cyber threats, the Canadian Government is a prime source of attacks from other state-nations and cybercrime groups. In addition, the Government is responsible for securing critical infrastructure and spearheading efforts to enhance national cybersecurity preparedness. Therefore, cybersecurity for Government is essential to thwarting cyber espionage and attacks targeting critical infrastructure.

Countries use cyberattacks as a tool for modern warfare, and the concept has been used extensively in the Russia-Ukraine conflict to spread disinformation and demoralize opponents. On the day Russia started the invasion, some critical Kyiv websites, including the government, parliament, and Foreign Ministry sites, were offline and inaccessible. Certainly, Russian hackers launched large DDoS attacks to overwhelm the infrastructure and crash the websites. In addition, Ukraine blamed the Kremlin for a data-wiper malware found on Ukrainian computers, which echoed the NotPetya malware attack in 2017 that severely impacted the Ukrainian economy. With heavy fighting raging in Ukraine, cyberspace has turned into a secondary battlefront.

The past decade has seen a major transformation in the realm of enterprise network and security.  The traditional data center approach no longer fits the changing landscape that we are in today. With cloud-based security solutions and with the pandemic elevating the need to work and access devices and applications virtually, the need for enterprise network security to become more agile and adapt accordingly has become more important than ever. 

According to Flexera’s 2021 State of the Cloud report, for the 5th year in a row, optimizing cloud is the top initiative for the year ahead, with migrating more workloads to the cloud a close second.