This content is made possible by our sponsors. Learn more about our OBJ360 content studio here.

Fortifying Canada’s cyber defences: Protecting critical infrastructure and empowering organizations

Microsoft Canada says the country needs to fortify its cyber defences

Two years into Russia’s war on Ukraine, governments and analysts are still uncovering new information about the sophistication, scope and severity of the widespread cyber operations aimed at devastating the Ukrainian government, military, economy and critical infrastructure.

In April of this year, the Canadian Minister of National Defence issued a stark warning for Canadian organizations – cyber threat activity by Russian-aligned actors targeting Ukraine’s partners is on the rise, and Canada is no exception. Cybersecurity remains a top priority for the defence industry. Recognizing the significance of safeguarding critical infrastructure and protecting national security, the defense industry plays a crucial role in developing advanced military technologies and capabilities to combat these evolving cyber threats.

These threats are not part of a distant, hypothetical future. In April, the head of the Canadian Centre for Cybersecurity indicated that a cyber threat actor had the potential to cause physical damage to critical infrastructure. While no physical damage occurred, the threat to critical infrastructure is very real. Critical infrastructure refers to networks and systems that Canadians rely on for essential services, such as energy, water and utility systems, financial services and healthcare. Nation states see critical infrastructure as a desirable target to help them gather information, develop a foothold in anticipation of future hostilities and to intimidate governments.

In an advanced, interconnected economy like Canada’s, cyber threats pose an important risk. Rapid technology and digital transformation across all sectors has created new challenges. For a critical service like healthcare, security vulnerability has increased due to the evolution of medical technology and rapid transition to electronic health records (EHRs).

But in many cases, breaches are caused by outdated systems and a lack of cybersecurity awareness. In recent years, the Ottawa Hospital has adopted a robust security posture following ransomware attacks that affected other healthcare organizations across the province and country. Using cloud scale defences to quickly contain attacks and the sharing of threat intelligence with partner institutions has been a key component of their digital transformation.  

While critical infrastructure is a key target for threat actors, Canadian organizations of all sizes across all industries are at risk of cyber attacks. The majority of attacks exploit gaps in the implementation of cyber security best practices.

Microsoft’s latest Digital Defense Report shared that ninety-eight per cent of cyber attacks can be thwarted by basic hygiene, including these foundational best practices:

  • Adopt a modern Zero Trust security framework – the traditional perimeter-focused defenses are no longer alone sufficient to protect internal networks and data. Zero Trust is a model to address the modern challenges of securing remote workers, protecting hybrid cloud environments, and defending against advanced cybersecurity threats.
  • Enable “phish resistant” multi-factor authentication – Cybercriminals don’t “break in”, they “log in” and weak login credentials can provide attackers with easy entry to gain unchallenged access to corporate resources. 
  • Keep up to date – Mitigate the risk of software vulnerabilities by ensuring your organization’s devices, infrastructure and applications are kept up to date and correctly configured. Utilizing cloud services reduces your burden on applying software updates.
  • Install and enable a modern security endpoint solution – Detect and block malware and malicious activity at a key point of entry using AI and cloud scale threat intelligence.
  • Protect your data – Implement information protection best practices such as applying sensitivity labels and enforcing data loss prevention policies. Protect the confidentiality of your information by limiting access to files or emails. Set “do not forward” or “do not print” restrictions where appropriate and classify documents to prevent employees from accessing them when they leave the organization. Back up your important data with cloud storage and maintain an offline copy to avoid data loss. 
  • Empower your employees with cybersecurity awareness training – Employees are your first line of defense and boosting or enhancing end user knowledge on security threats can go a long way to help reduce the risk of data exposure to phishing and other cyber attacks. 

Reporting cybercrimes plays a vital role in combating the ever-evolving threat landscape. Shockingly, only a small fraction of cybercrimes or frauds are reported to the police in Canada, presenting significant challenges for law enforcement. If you suspect you or your organization have fallen victim of a scam, fraud or cybercrime, contact your local police immediately. The Canadian Center for Cybersecurity provides detailed instructions and what to expect at www.cyber.gc.ca.

From the highest levels of government, to any one of Canada’s millions of small businesses, cyber attacks aren’t just likely, they’re inevitable. Today’s threats demand a heightened level of awareness and vigilance at every level to protect organizations and everyday Canadians from bad actors. Adopting good cyber hygiene and modern cloud solutions is our best defence and a critical step in preparing for a modern threat landscape that continues to evolve.

Learn more on how to protect yourself and your organization at www.microsoft.com/en-ca/security/business/security-101.

By John Hewie, National Security Officer, Microsoft Canada