Last week was the annual ASIMM Symposium, where several cybersecurity experts discussed fascinating and disturbing news topics. Among them, the challenges of cyberterrorism in 2018, presented by retired Brigadier-General Gaston Côté of the Canadian Armed Forces. Terrorist cyber threats appear to be growing, and organized criminal group collaboration with terrorist groups is credible. Conflicts slowly take the form of cyberwar, and Canada would be 20th in the world in security.
What does the potential impact of such a threat look like? The ability to undermine a country’s economy and paralyze critical infrastructure. If a ransomware blocked power supply throughout the Montreal area, do you have alternative sources of energy? Who enjoys taking a cold shower on a January morning? We remember the ice storm crisis of 1998…
We have gone far beyond the days when antivirus was sufficient to protect networks. It takes only one click for a hacker to break into an organization’s systems. Let’s consider the following scenario, a phishing scam is sent by email to all the staff of a company. The link is clicked, the attacker has entered your system, and he remains incognito for several weeks, even months. He concludes everything with a ransomware attack. Your systems are blocked, and there is no way to know what the hacker was able to recover before the attack.
The most likely risk related to intrusions is internal staff. A disgruntled employee, an unfortunate dismissal or simply a mistake of good faith can lead to irreparable disasters for organizations. Since we can not eliminate the human factor (although artificial intelligence could probably help improve safety), what should be done to limit the risk?
Among the measures to be taken are safety programs focused on prevention and incident management, proper training and awareness of employees, and regular monitoring within organizations. We also note that the desire to save money or a deficient budget increases the risk. As mentioned by Luc Lefebvre, another presenter at the RSI, $1 saved on cybersecurity can cost organizations millions following a cyberattack.
And what about national security? It was learned that Canada was participating in several web-based monitoring programs. Of these, some agencies would recover files unlawfully released on the darkweb by hackers. It is unclear what these files contain, and while state surveillance can be good news for national security, we still wonder about our right to privacy.
New technologies evolve rapidly, as much as cyberthreats. It would even be possible to generate a false GPS signal from satellites. And what about quantum computing? This will be the subject of another paper.