Experts Say Canada Failing to Stop Hackers

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.baystreet.ca/articles/techinsider.aspx?articleid=23864

Groups trying to police the Internet accuse Canada of lagging behind other
countries in defending citizens and businesses against malicious hackers
and cyber-criminals.

Since 2010, Public Safety Canada has spent $245 million on defending
government computer networks, safeguarding critical infrastructure and
educating the public.

It has also earmarked $142 million over the next five years to tackle
cyber-threats — particularly against critical infrastructure. But leaders
in Canada's policing, IT and cyber-security sectors say the federal
strategy is focused primarily on national security threats and does little
to combat the dramatic growth in email scams, online extortion and breaches
at corporate computer networks.

Canadians are also largely in the dark about the scope of cybercrimes given
the country has no central agency to track online scams and malicious
electronic attacks.

What's more, there are no federal laws to force companies to disclose
hacks, security breaches, thefts of data or money so the general public has
incomplete knowledge of which companies have been compromised.

Canada does have a Spam Reporting Centre and a government run Canadian
Anti-Fraud Centre, but experts say neither is equipped to handle the
exploding array of cyber-scams and malware that are targeting home and
business computers.

This past spring, police forces sent 17 of their executives on an
international study mission to learn how governments in the U.S., Europe,
India, Singapore, Australia and New Zealand are grappling with cybercrime.

The group identified "the urgent need to increase reporting of cybercrimes
to police," and pointed to Australia's ACORN program (Australian Cybercrime
Online Reporting Network) as a model for collecting citizen complaints so
that police and industry can monitor trends, thwart organized criminal
groups and arrange incidents for further investigation.

The FBI in the U.S. runs a similar program called "IC3", referring to its
Internet Crime Complaint Centre, which last year alone received 269,000
complaints about frauds, email scams and online extortion. That included
some 4,000 complaints from Canada.

But in Canada, "most of the reporting, and almost all of the resolution is
happening behind the closed doors of the private sector," says one expert.

Canadian police chiefs involved in the 2015 global cyber-study made six
recommendations are calling for a "paradigm shift" in how police and the
public treat cybercrime, involving more coordination and information
sharing between police and industry.

Right now, Public Safety Canada advises the public to contact local police
if they are a victim of cybercrime. But "Canadian policing in its current
format is ill-suited to address crime on a global basis," one police chief
concedes, acknowledging that Canada's police system is fragmented between
between federal, provincial and local authorities.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!