CyberTip: Stay cyber safe this long weekend
As COVID-related Canadian travel restrictions are further relaxed starting October 1, Canadians may be travelling more than ever over the Thanksgiving long weekend. Make sure to stay cyber safe if you’re going to be on the move:
- At the office, ensure that appropriate security controls and monitoring are still in place, even with fewer staff around. As part of your incident response plan, make sure contact information is available for key staff who are away.
- Looking to beat the long weekend traffic? Watch out for hackers looking to prey on victims who are distracted by trying to get out the door quickly on Friday. Maintain your vigilance for suspicious emails or last-minute attachments, even in a scramble to wrap things up before heading off for a well-earned break. Hackers often choose long weekends to send phishing or “smshing” attacks impersonating banks or airlines with urgent updates, or spoofing hotel and attraction sites with last-minute deals.
- If you’re crossing the border, remember that U.S. Transportation Security Administration (TSA) staff and Canadian Border Services Agency (CBS) personnel still have the right to inspect or seize digital devices like phones, tablets, and laptops – and their definition of “reasonable cause” may not match yours.
Poll: Three in four Canadian post-secondary students are concerned about cyber safety
A new study conducted by Angus Reid for ISA Cybersecurity reveals that more than three quarters (76%) of Canadian university and college students surveyed are concerned about cyber safety – up 10% from pre-pandemic times. And the majority (79%) feel their university or college should be responsible for protecting students from cyber attacks. In fact, nearly half (46%) of those queried say it would influence their decision to attend a university or college if the school was known to have experienced a data breach or had a reputation for weak cybersecurity.
While nearly all respondents to the poll (96%) feel that it is important for students to learn about cyber safety, fewer than 2/3 of those surveyed have actually taken steps to minimize their risk of cyber attacks when using their computer or mobile phone for online learning.
“What’s eye-opening is that nearly one in three [31%] students indicated that they’re not confident their university or college keeps their data secure and protected from hackers,” noted Kevin Dawson, President & CEO of ISA Cybersecurity, adding that his organization is collaborating with IBM Security to help protect more educational institutions from cyber threats.
The complete results of the study were released on September 29 by ISA Cybersecurity, Canada’s leading cybersecurity-focused company.
Poll: only half of Canadians surveyed use anti-malware software or MFA
Results from a survey conducted by Ipsos for the Royal Bank of Canada suggest that only about half of those surveyed use basic cybersecurity protections like anti-malware software or multi-factor authentication tools. This, despite an overwhelming number of respondents indicating that they are concerned about their online safety.
The RBC poll, released September 27, suggests that 70-80% of respondents are concerned with unauthorized access to their online accounts or personal information, identity theft, hacked emails and social media accounts, or being victimized by online fraud.
The survey reveals that the 18-34 age group is “significantly more likely than their older counterparts to say they are knowledgeable about most threats to their safety and security of their personal information,” even though they are less likely to use anti-malware software or change their passwords regularly.
“The poll reveals that despite a high level of concern, most Canadians have not yet taken steps to protect themselves and might struggle to recover from a cyber-attack,” warned Adam Evans, Vice-President of Cyber Operations & Chief Information Security Officer at RBC.
Calgary Parking Authority apologizes for July 2021 cyber incident affecting nearly 150K customers
On September 27, the Calgary Parking Authority (CPA) issued an apology for a July 2021 cyber incident that exposed the personal information of 145,895 customers for 2½ months on the Internet. In the incident, an event-logging server used to monitor the authority’s parking system was left on the Internet. The data on the server was neither password-protected nor encrypted.
“Findings from the investigation indicated the unauthorized disclosure of personal information for 145,895 customers could have been accessed during the incident including elements of: names; emails; usernames; combined information elements of licence plates, validation tag numbers, vehicle information, residential address, and violation ticket information; and ParkingID numbers,” according to the statement.
In its breach update, the CPA advised that the database was secured within 20 minutes of being informed of the incident. However, in a July 2021 report by Techcrunch, CPA Communications Advisor Christina Casallas was quoted as saying that the server had been exposed from May 13 to July 28, 2021 before the open data was discovered by an independent researcher.
The CPA has indicated that their investigation revealed no indication that the data had been used for illegal activity, and the risk of further disclosure is low.
B.C. regional government confirms September cyber attack
On September 23, British Columbia’s Sunshine Coast Regional District (SCRD) confirmed that they were the “victim of a deliberate attempt by criminals to access information on [their] servers” earlier in the month.
“On Thursday, September 8 and for most of Friday, September 9, computer servers at the Sunshine Coast Regional District (SCRD) were offline,” the municipality said in the statement. “This caused an email outage at the SCRD and our website was also offline. The SCRD’s servers were back online within 16 hours with very little impact to services.”
The statement came shortly after the LockBit ransomware gang listed the Sunshine Coast Regional District on its “leaked data” site on the dark web. The LockBit dark web post included eight screen shots purporting to represent SCRD data, along with a warning that “ALL AVAILABLE DATA WILL BE PUBLISHED!” unless a ransom is received by October 4.
The SCRD is not the only local government in B.C. to fall victim to a cyber attack in recent memory. Both the nearby District of Squamish and the Resort Municipality of Whistler were targeted by hackers in separate incidents in 2020 and 2021 respectively. The LockBit ransomware gang is currently one of the most active cyber-criminal enterprises; they targeted the town of St. Mary’s, Ontario in a July 2022 attack, and the tech company Canadian Solar in September 2022.
Headquartered in the town of Sechelt, the SCRD is located on the southern mainland coast of British Columbia, northwest of Vancouver and across the Georgia Strait from Vancouver Island.