Earlier this month, we learned the B.C. government was the victim of a “sophisticated” cybersecurity attack, which it later blamed on a foreign state or state-sponsored actor.
According to the government, said actors made three separate attempts to breach government systems, allegedly at the direction of a foreign state.
Public Safety Minister and Solicitor General Mike Farnworth told media on May 10 there was no evidence sensitive information, such as health data, was compromised in the attack.
Where have we heard that before?
As is the case in most cybersecurity incidents, that may be true—but absence of evidence is not evidence of absence.
In this case, the head of B.C.’s public service, Shannon Salter, told reporters the investigation into the attacks covers 40 terabytes of data—so finding said evidence may equate to finding a digital needle in a vast, opaque haystack. Doesn’t mean it isn’t there.
Not to mention the main reason the government suspects a foreign state is behind the attack is the sophisticated methods used, Farnworth said.
“Being able to do what [technical experts] were seeing, and covering up their tracks, is the hallmarks of a state actor or a state-sponsored actor,” he said.
Key words, covering their tracks. Given the “sophistication” and the sheer amount of data under scrutiny, odds are, sensitive information was compromised.
Govern yourselves accordingly—that’s just the world we live in.
With the amount of data about ourselves and our personal lives we willingly give up to participate in modern society, keeping it secure and uncompromised is a monumental task, if not wholly impossible.
The Resort Municipality of Whistler (RMOW) learned that first-hand in 2021, when it was hit hard by a ransomware attack, and forced to take critical systems offline and rebuild them from scratch.
Local officials, too, used the “no evidence” line—but smart money is on sensitive info being compromised there, too, given the extensive access hackers had to all of Whistler’s systems.
Still no definitive word on how much the entire debacle cost the municipality, both in terms of lost productivity and actual costs to rebuild the infrastructure—the RMOW was not able to provide details before Pique’s weekly deadline—but according to cybersecurity firm Cobalt, the average cost of recovering from a ransomware attack in 2023 was US$1.82 million.
More and more, cyberattacks are looking like an inevitability.
In the case of the provincial government, 76 people are employed year-round to protect against these sorts of threats, with a total cybersecurity budget of about $28 million, and according to a report from CTV News, government ministries and agencies, along with all their websites, networks, and servers, face about 1.5 billion “unauthorized access” or hacking attempts daily.
Billion, with a B. Every day.
How do you defend against that, when the threat is constantly growing and evolving, fuelled by new technology and new fraudulent tactics?
According to Cobalt, worldwide costs of cybercrime are estimated to hit $10.5 trillion by 2025, while a staggering 72.7 per cent of all organizations in the entire world reportedly fell prey to a ransomware attack in 2023, according to Statista.
Ransomware was identified as the No. 1 concern among security professionals at organizations surveyed, and nearly half of all companies now have a policy to pay ransoms associated with cyber threats (up 13 per cent from 2022).
However, only eight per cent of businesses that pay ransom to hackers get all of their data back in return, according to security firm Sophos.
According to Security Magazine, there are more than 2,200 cyberattacks every day, which equates to about one every 39 seconds.
And thanks to new technology, the already astounding numbers will only increase from here—about 85 per cent of cybersecurity professionals surveyed by Cobalt attribute the recent increase in attacks to the use of generative AI by bad actors, and about 46 per cent believe AI’s integration into general business operations will make them more vulnerable.
What does all this mean for the average person?
Well, the possibility of having your banking information exposed or your identity stolen (if it hasn’t happened already) gets a little bit greater each year—but personal financial attacks are small potatoes compared to the implications of state-sponsored foreign influence.
As political columnist Rob Shaw pointed out in a May 13 column, Canada is already mired in a controversial foreign-interference inquiry, and the BC NDP owes British Columbians far more transparency than it’s giving them in an election year.
“The BC NDP is not to blame for the cyberattacks occurring. But they will be to blame soon if they keep letting the risk-averse lawyers, security analysts and bureaucrats call the shots by throttling the flow of public information,” Shaw wrote.
“We elect politicians to lead. They take the best advice of the experts, weigh the risks and make decisions in the public’s best interests. In this case, the best interests of our province—after a cyberattack involving a foreign government, on the eve of an election in a country that’s being targeted by foreign interference—is to release much more information about what’s happened and who is responsible. Immediately.”
Modern society is entering uncharted territory as our world shifts increasingly online, and obfuscatory tech such as AI and deep fakes presents us with our own custom visions of “reality.”
Governments and politicians understandably have their hands full deciphering it all—but as technology further blurs the lines between fact and fiction, truth and transparency have never been more important.
