Canada Gets Out the Cybersecurity Awareness Message

Canada is getting serious about cybersecurity. Every October, The Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) amplify this pressing concern during Cybersecurity Awareness Month (CSAM), an annual public awareness campaign managed by the Canadian government’s “Get Cyber Safe” program.

Cyber Centre launched a National Cyber Security Strategy in 2018 to strengthen cybersecurity nationwide and protect critical infrastructure. The strategy, which includes CSAM, received $507.7 million in funding through 2023.[1]

The CSAM initiative is based on an alliance of federal government and tech industry experts and aims to educate the public about the importance of good cybersecurity hygiene. Featured are primers on how to protect sensitive information and the basic steps people and organizations can take to safeguard themselves, their families and their workplaces. Best practices, such as keeping current with software updates and using complex passphrases in lieu of one-word passwords, are popularized, as are ways to avoid phishing scams and use Wi-Fi safely. A special emphasis this October is on securing smartphones, computers and other Internet-connected devices like TVs, thermostats and doorbells.

Cyber-Insecurity in Canada

The risk of a cyberattack is especially acute in Canada. The federal government says that Canadian cybercrime is responsible for over $3 billion in economic losses each year.

A recent study by RSA Security, a provider of cybersecurity and risk management solutions, found that nearly seven out of 10 phishing attacks worldwide take place in Canada — far more than in the U.S.[2] These attacks largely center on Interac, a payment service provider used by most Canadian financial institutions, which allows the attacker to target several banks with just one attack.

In 2019, according to the Office of the Privacy Commissioner of Canada, cyberattacks affected over 28 million Canadians and increased six-fold over the preceding twelve-month period.[3] In 2020, a report on credential stuffing by the Canadian Government’s Office of the Chief Information Officer identified suspicious activities affecting 48,500 Canada Revenue Agency user accounts.[4] This past August, a hacker group claimed responsibility for a malware attack on Canada’s Royal Military College (RMC) and some of its affiliates. The Department of National Defense (DND) is working with the Canadian Centre for Cyber Security to investigate the attack.[5]

There’s also growing concern that Canadian school children using less-secure home networks for remote learning may be at risk. Experts believe that school districts, which have far less funding and trained personnel to combat cybersecurity threats than their corporate counterparts, may be easy prey for phishing scams.[6]

A United Front Against Cyber Threats

In the face of all this, an array of Canadian companies and organizations are teaming up with CSAM to promote cybersecurity best practices. Among them are PocketLabs, which bills itself as a company of ethical hackers; ISACA, a global association of IT professionals, and the Department of National Defense and Canadian Armed Forces, which are spreading the word about CSAM and the importance of cyber resilience on social media.

Canadian colleges and universities are also embracing CSCAM and its mission. McGill University IT Services is producing numerous events, including a cybercrime workshop and a webinar about the dark web. Other online events to heighten awareness will be held by the University of Toronto Mississauga and Ontario Tech.

Canadians can also take advantage of Canadian Shield, a free threat-blocking service provided by the non-profit Canadian Internet Registration Authority.

The Canadian campaign is part of a global movement to combat cybercrime. This October, similar public education drives will take place in the U.S. — where the National Cyber Security Alliance and Cybersecurity and Infrastructure Agency are co-leading a “Do Your Part. #BeCyberSmart” campaign for National Cyber Security Awareness Month[7] — and the EU, where the European Union Agency for Cybersecurity and the European Commission are promoting “Think Before U Click” as the motto for European Cybersecurity Month.[8]

The Bottom Line:

Held every October in Canada, Cybersecurity Awareness Month educates Canadian citizens and businesses about the cybersecurity threat and the importance of securing their devices. As cyberattacks in Canada continue to surge, individuals, corporations and public institutions including schools are increasingly at risk. CSCAM and other programs such as Canadian Shield aim to counter this threat with widespread public awareness.  

[1] “National Cyber Security Action Plan (2019-2024),” Public Safety Canada, Government of Canada

[2] “RSA finds two-thirds of phishing attacks directed at Canada,” Search Security

[3] “A full year of mandatory data breach reporting: What we’ve learned and what businesses need to know,” Office of the Privacy Commissioner of Canada

[4] “Update from the Office of the Chief Information Officer of the Government Canada on recent cyber attacks,” Treasury Board of Canada Secretariat

[5] “Malicious actors leak allegedly stolen Canadian military college's data,” Insurance Business Canada Magazine

[6] “The Big “Back-to-School” Risk that Cannot be Overlooked,” Insurance Business Canada Magazine

[7] “Cybersecurity Awareness Month, 2020 Theme,” National Cyber Security Alliance

[8] “ECSM 2020,” European Union Agency for Cybersecurity