It’s time for Canada to fight back against the ransomware epidemic

As published on LinkedIn

In recent months, criminal gangs struck some of the world’s most prominent businesses. The victims included a British luxury automaker, Japan’s largest brewer, and an American aerospace company.

No employees were held up, no safes were cracked, no car chases ensued. Instead, with a few clicks of a mouse, the attackers breached the organizations’ digital systems to pillage sensitive data and extort millions in ransom payments.

As we mark Cybersecurity Awareness Month, Canadians must face an uncomfortable truth: we are not immune from this global crime wave. In fact, one out of every six businesses in this country experienced a cyber incident in 2023, with “ransomware” quickly becoming the culprits’ tool of choice.

The economic toll is staggering. In 2023 alone, Canadian businesses spent an estimated $12.2 billion to detect, prevent, and recover from such attacks. This excludes the additional $13 billion that cyber gangs siphon from our economy each year in ill-gotten gains.

To better understand the business impact, consider the case of the British carmaker. When hackers paralyzed its assembly line for more than six weeks, costing the company £50 million in losses per week, the government was forced to underwrite a £1.5 billion loan to protect the manufacturer’s 100,000-employee supply chain from collapse.

Ransomware is not just an economic or business problem, though.

Attacks often disrupt essential services that citizens rely on daily. When ransomware attackers took down the American aerospace company’s automated airline check-in system, for instance, thousands of passengers found themselves stranded for days across some of Europe’s busiest airports.

Even worse, ransom payments extorted from victims often finances far darker activities, such as human trafficking, terrorism, and even the development and proliferation of weapons of mass destruction.

In short, ransomware doesn’t just drain our economy; it’s a direct threat to Canadians’ safety and security.

Today, the economics of cyberspace heavily favour the aggressor. Cybercriminals enjoy easy access to black-market hacking tools, use of near-anonymous digital payment systems, and in growing number of cases, government protection.

Indeed, foreign states are increasingly co-opting criminal gangs to advance their own geopolitical objectives – helping them evade sanctions, steal advanced technologies, or conceal state-backed cyber operations behind a façade of criminality.

This means that individuals armed with a laptop and a few lines of malicious code can quickly and cheaply bring an enterprise to its knees from halfway around the world. Once the damage is done, the perpetrators can conceal traces of their activities and slip away with impunity.

To be sure, Canada has come a long way in bolstering its digital defences. Governments and business alike have invested heavily in cyber capabilities, intelligence sharing, and workforce training. Yet attacks continue to grow in frequency, sophistication, and impact.

The problem isn’t a lack of effort, it’s a lack of coordination. Solutions have been deployed in silos without the kind of unified national action that this challenge demands.

What’s needed now is a comprehensive national approach, one that recognizes that no single actor – public or private – has the requisite resources, authority, or reach to rebalance the economics of cyberspace in Canada’s favour.

To be effective, this approach should focus on four priorities:

1. Deter: the Canadian government must adopt a whole-of-government strategy to deterring ransomware attackers. Among other things, the Prime Minister should publicly designate ransomware as a top-tier national security priority, and commit Canada’s security and intelligence community to deploying all necessary resources, capabilities, and authorities to pursue malicious actors who target Canada.

2. Disrupt: the government and industry must work closer together to break the ransomware business model. This should include cutting-off ransomware actors’ access to the critical infrastructure they need to launch attacks – including payment systems, hosting servers, and dark web marketplaces.

3. Develop: the government must work with industry to better prepare organizations for attacks by jointly developing frameworks for ransomware mitigation, response, and recovery – supported by nationwide awareness campaigns and public-private tabletop exercises to test readiness.

4. Deploy: the government must improve the private sector’s ability to respond to ransomware attacks by deploying new tools, such as safe-harbour legislation which would encourage victims to voluntarily share information with each other and government so that one organization’s detection becomes another’s protection.

Cyber criminals thrive in the gaps between public and private efforts. Closing those gaps will require trust, coordination, and shared resolve. Canada has the talent, technology and expertise to meet this challenge. What’s needed now is the will – and the unity – to act.