As state and criminal actors increasingly resort to cyberattacks to confound Western allies, Canadians are wide open to malicious threats.
The Trudeau government needs more capacity and resources to prevent cybercrime as the increasing number of cyberattacks become more sophisticated, according to a report by the auditor general.
According to the report, the government has “breakdowns in response, coordination, enforcement, tracking, and analysis between and across the organizations responsible for protecting Canadians from cybercrime.”
Government agencies like the Royal Canadian Mounted Police, Communications Security Establishment Canada, and the Canadian Radio-television and Telecommunications Commission were found to be ill-equipped to effectively enforce laws intended to protect Canadians from cyberattacks
“In 2022, victims of fraud reported financial losses totalling $531 million to the Canadian Anti Fraud Centre. Three-quarters of these reports were cybercrime related,” reads the Auditor General’s report.
“The centre estimates that only 5% to 10% of cybercrimes are reported. Without prompt action, financial and personal information losses will only grow as the volume of cybercrime and attacks continues to increase.”
The RCMP, CSEC and Public Safety Canada have all considered implementing a single place where Canadians could report cybercrime incidents, however, this has yet to happen.
Currently, Canadians are left to determine for themselves which agency or organization is most appropriate to report to based on the nature of their incident.
One such incident involved a complaint regarding an offer to sell child sexual exploitation material that was reported to the CRTC, who in response did not refer the matter to law enforcement but instead told the complainant to contact law enforcement themselves directly.
Another incident involving the CRTC saw the agency deleting evidence and returning electronic devices to a person being investigated for violation of anti-spam legislation so that the CRTC could avoid being served with a search warrant by a law enforcement agency.
“Between 2021 and 2023, Communications Security Establishment Canada deemed that almost half of the 10,850 reports it received were out of its mandate because they related to individual Canadians and not to organizations,” reads the report.
“However, it did not respond to many of these individuals to inform them to report their situation to another authority.”
The Auditor General is recommending that Canada strengthen its cybersecurity workforce across each of these organizations, including hiring more staff to work for the RCMP’s cybersecurity investigative teams.
The report estimates that one-third of positions across all teams are presently vacant and those positions must be filled to update Canada’s National Cyber Security Strategy.
Furthermore, the RCMP has yet to deploy its National Cybercrime Solution, an information database which would make reporting cyber crimes easy for victims and would also be shared amongst law enforcement agencies.
The database would also allow for the ability to cross-reference malware samples throughout Canada and internationally.
Cybersecurity was also recently cited as a top vulnerability to the country’s financial stability by former Bank of Canada governor Stephen Poloz.