Canada’s Emerging Cybercrime Crisis

Posted August 10, 2017

Canada’s Emerging Cybercrime Crisis

On a recent business trip to Canada, I found myself wondering: What would Marshall McLuhan make of his country’s love affair with the promised advantages of digital technology—and the profound dangers that threaten it?

After all, it was 1962 when the professor of English at the University of Toronto first wrote about his vision for something that would one day become known as the Internet.

Coining the term “global village,” he described a day when everyone would possess anytime, anywhere access to all the world’s information through the power of technology—decades before it came to be.

In fitting style, Google Doodle celebrated what would have been McLuhan’s 106th birthday on July 21, at a time when Canada stands tall as one of the world’s most advanced digital economies.

But it also comes as his global village—and his nation—face heavy fire from cybercriminal attacks expected to cause $6 trillion in losses worldwide by 2022.

Canada in the Crosshairs

By any measure, Canada is the very definition of a digital age marvel.

Nearly three-fourths of its population use online and mobile banking, up 52 percent in five years, according to the Canadian Bankers Association (CBA). Indeed, 17 percent say mobile is now their primary method of banking.

The same can be said for digital transactions of all kinds. A full 63 percent of Canadians routinely use online and mobile services to make or receive payments. Twenty-six percent say they don’t expect to use cash at all within 10 years.

I’ve seen this tremendous growth in digital adoption firsthand during trips to meet clients over the past few years. And it’s borne out by new ThreatMetrix data that shows double-digit annual increases in mobile transactions, including a 4-percent increase in just the past three months.

Yet, for all this progress, there’s trouble brewing. With its high volume of digital business, Canada has become one of the top five targets for cyberattacks, according to our new Q2 2017 Cybercrime Report.

Lost in Translation

In many ways, Canada offers a compelling counterpoint to India’s ambitious digital transformation efforts.

While that country is making tremendous strides to spur technological adoption when nearly half the population lives in poverty and doesn’t own a bank account, Canada’s well-banked, relatively wealthy citizenry is ahead of the curve even among industrialized nations.

While they exist on opposite ends of the digital maturation spectrum, both countries face very similar threats that could prove disastrous.

Here again, McLuhan offers insight from his prognosticating vantage point some 60 years ago.

“In this electronic age, we see ourselves translated more and more into the form of information,” he wrote. According to McLuhan, our identities, in essence, would become information, digitized within the global marketplace.

Unfortunately for far too many, that translated information about our identities is now on the loose, stolen through countless corporate data breaches in recent years and easily available to even the most unsophisticated cybercriminals.

In 2016 alone, 4.2 billion personal credentials were compromised worldwide, making it shockingly easy for fraudsters and organized cybercrime rings to harvest identity data, such as social security/insurance numbers, user names, passwords and PIN codes on the dark web. With this information in hand, thieves can take over existing banking and retail accounts, or create fraudulent new ones.

In general, cybercrime in the strongest economies (North America and Europe) primarily target victims in each other’s nations, according to the Q2 Cybercrime Report.

In other words, cybercrime follows the money. And as U.S.-based businesses have hardened defenses in recent months, fraudsters are looking north for fresh opportunities—and finding them.

A Target-Rich Environment

In the past year, 31 percent of Canadian businesses have reported losses between $1,000 and $50,000 due to cybercrime. Nearly 16 percent estimate losses between $50,000 and $5 million.

Ponemon Institute pegs the average cost of a data breach for Canadian companies at $5.78 million—up 12.5 percent in one year. And a full 57 percent of Canadian CISOs say their organizations are unlikely to detect sophisticated cyberattacks.

While Canada weathered the WannaCry ransomware attack largely unscathed, three major banks are busy mitigating schemes that employ a new version of the Trickbot Trojan, which steals banking credentials via man-in-the-browser attacks.

What’s more, Canada is already the No. 2-targeted country for mobile malware attacks after the U.S., and financial losses from phishing attacks via mobile text messages are up 476 percent in less than three years!

Worse yet is the growing concern that the country’s vital infrastructure is increasingly vulnerable to cyberthreats…a concern that is endemic in virtually every Western economy.

While current cybercrime losses stem from Canada’s role as a major trading partner with the U.S. and others, it’s worth noting the country does have its own home-grown cybercriminals…an all too familiar phenomena when it comes to cybercrime.

In 2014, a Canadian was arrested in connection to the massive cyberattack on Yahoo that resulted in the theft of information about at least 500 million Yahoo accounts. And this July, a Canadian was arrested in Thailand on suspicion of being the head of the dark web criminal marketplace that housed servers on Canadian soil. The bottom line is — cybercriminals are active in every country and extremely capricious in selecting their targets.

In part, that could help explain why device spoofing is by far the biggest attack vector in attacks coming from Canada, according to the Q2 report.

McLuhan to the Rescue

As Canadian organizations race to implement the appropriate level of defenses, they can find some keen guidance from McLuhan’s writings.

That’s because, in McLuhan’s mind, the digitization of our identities amounted to far more than just static data that can be stolen, spoofed or misapplied.

In his view, the global village would lead to “the technological extension of consciousness,” or the dynamic essence of our knowledge, our actions, our interests, habits, and more. Effectively, he described the establishment of our digital identity as the passport to all things online.

As it happens, many organizations are discovering that this is an apt description for the kind of digital identity intelligence increasingly seen as the key to fighting cybercrime.

Instead of relying solely on static login credentials, digital identity-based user verification systems analyze users and their devices, locations, activities and hundreds of other dynamic data elements. That data is compared against crowdsourced threat intelligence from billions of monthly transactions to discern the true identity and intent of the person behind each transaction…and all in real time.

By doing so, businesses can instantly detect and block fraudsters, even if they’re using legitimate credentials stolen from their victims.

Still, will it be enough to keep that global village safe for Canadian consumers and businesses?

As McLuhan himself put it, “the future masters of technology will have to be light-hearted and intelligent,” because the technology “easily masters the grim and the dumb.”

Here’s hoping the masters of the digital age help Canada continue its love affair with technology and its early adopter status —while enjoying the last laugh.

Frank Teruel

Frank Teruel

Chief Financial Officer, ThreatMetrix

close btn