Deputy Minister of Public Safety Canada Tricia Geddes appears as a witness at the Foreign Interference Commission in Ottawa, on Oct. 8. Spencer Colby/The Canadian Press

Federal security officials say Ottawa must do more to educate those running businesses and critical infrastructure systems about the threats posed by hackers, as too many of these leaders are underinvesting in protection.

Tricia Geddes, deputy minister at Public Safety Canada, opened the first day of the Vancouver International Security Summit on Monday by saying that society, as a whole, has still not twigged to the fact that “we’re already at war when it comes to cyberwarfare” with certain countries and their criminal proxies. Those actors are attacking companies of all sizes and public agencies that provide crucial services.

“Some businesses have taken this on board, some can’t afford to or don’t consider it to be a good business proposition,” she said during her keynote address. “But I do honestly believe that cybersecurity is an area of grave concern for this country that we need to continue to take seriously.”

Ms. Geddes added that cyberspace presents the greatest vulnerabilities for critical infrastructure such as drinking water plants and hospitals, two areas subject to recent attacks or threats.

“It doesn’t take long for one of those types of outages to cause massive, massive chaos, concern and loss of life, potentially,” she said.

“And honestly, I think that if we are not – as a federal government in particular – with all of you working to address these types of concerns, we will fast lose confidence that Canadians have in our ability to be able to protect them.”

Expert after expert told the conference that Canada is a high-value, low-risk target for cybercriminals.

Ms. Geddes said her biggest challenge is to figure out ways that federal authorities can transmit intelligence on threats “much more quickly into the hands of people that can act to do something to be able to protect our country.”

Sami Khoury, who ran the Canadian Centre for Cyber Security until he was appointed as the country’s senior official for cybersecurity two months ago, illustrated the disconnect between the country’s spy agencies and the private sector.

During a panel discussion, he said he once had to send the RCMP to knock on an executive’s door in the middle of the night after previous warnings of an imminent cyberthreat to their company went ignored.

“We have an identity crisis, not a lot of people know the Cyber Centre, unfortunately,” he said. “We are almost six years into the creation of the Cyber Centre and, to this day, I often hear people say, ‘Well, where do I report the incident and who are you, again?’”

Last month, the centre issued its 2025-26 forecast and noted that ransomware attacks – in which targets are asked to pay money to access their own files – are the top cybercrime threat to critical infrastructure in the country over the next two years.

Martin Dinel, Alberta’s Chief Information Officer, told the conference that gone are the days when ransomware attacks begin with a demand as low as $22,000, an amount the University of Calgary was first told to pay during a 2016 attack. Now, such ransoms may be as high as $3-million, but many victims he knows have been able to negotiate this sum down to $10,000.

However, he and other experts who spoke Monday said organizations should never pay hackers because it only emboldens these groups.

Bob Gordon, an Ottawa-based strategic adviser to the Canadian Cyber Threat Exchange, a network of businesses that share information in this field, said leaders of small and medium-sized companies used to believe: “I don’t have any big trade secrets. I don’t have any cash with the bank, nobody’s interested in me.”

However, he said, any data that are crucial to their business – such as inventory or customer lists – could then be considered worthwhile for ransomware hackers to target.

“They’re not going to sell it – it’s of no value to them – it’s of value to you and that’s become the great equalizer in terms of the vulnerability of businesses,” Mr. Gordon said.
