Cybersecurity experts have warned that Russian cyberattacks will be launched against Canada – and could already be happening – as the nation continues to sanction Moscow over its invasion of Ukraine.
Farshad Abasi, the chief security officer at the Vancouver-based cybersecurity company Forward Security, told Financial Post that the cyberattacks “may already be happening and we don’t even know it.”
“If they haven’t already, they will, and we need to be prepared,” said Abasi.
David Shipley, CEO and founder of Fredericton-based Beauceron Security, is of the same belief, and has warned that Russia’s cyberwar capabilities “are indeed frightening.”
“We are literally and figuratively poking the bear,” said Shipley. “So Canadians should not feel that we are not connected to this conflict. We are.”
Many infamous cybercrime groups operate within Russia, but the one group the cybersecurity industry has been keeping a close eye on is Sandworm – a unit of Russia’s military intelligence organization that has had a history of disrupting infrastructure worldwide. Sandworm is suspected to have been responsible for the 2015 attack on Ukraine’s power grid, and the 2017 NotPetya malware attack on Ukraine, which spread worldwide. The group allegedly also interfered in the 2017 French presidential election and the 2018 Winter Olympics in PyeongChang, South Korea.
Financial Post reported that while larger Canadian companies may be able to stave off Russian state-sponsored cyberattacks, the same may not be true for small businesses. Citing data from an Insurance Bureau of Canada (IBC) report last year, the news outlet said that nearly half of Canadian small businesses suffered a cyber attack, which cost them over $100,000 in 2021. Despite this, the same report also found that 47% of smaller companies indicated that they do not have a budget allocation for cybersecurity.
Cyber Defence Corporation co-founder and COO Elana Graham agrees with IBC’s findings, noting that small- and medium-sized businesses are some of the “most targeted and least defended.”
“For companies that don’t have that sort of layered plan in place, [a cyber attack] can be an extinction-level event,” warned Graham.
Shipley noted that when the pandemic shifted businesses online, hacking incidents began to trend upward.
“Just being digital makes [small businesses] vulnerable,” cautioned Shipley.