Quebec is not the only Canadian business struggling with ransomware attacks; municipalities in Ontario are also facing the same problem. With the increase of such attacks, the electronic intelligence agency of Defence Department, Communication Security Establishment, recently initiated the Canadian Centre for Cybersecurity.
The centre has been tasked to keep a check on the emerging ransomware strains while providing consultation and recommendations to the provincial and federal governments for enhancement of their cybersecurity infrastructure.
Even Koronewski, a spokesperson, clarified that the centre is one of its kind and does not associate with any territorial or provincial equivalent. Professor Jose Fernandez—professor and malware analyst from the Polytechnique Montreal Engineering School—noted that certain security measures have been incorporated by a few Canadian provinces. For example, New Brunswick and British Columbia created offices that entirely deal with the protection and safeguarding of the government data. However, he pointed out that smaller towns were still facing a risk of ransomware infections. Fernandez has expressed hope that the new government may consider the security of these neglected towns.
On the other hand, a spokesperson from the Public Security Department, Patrick Harvey, has denied claims of provincial government’s inability to face cyberattacks like ransomware. He explained his viewpoint with the fact that the Treasury Department is assisted by a director of information who manages the protection measures for the protection of government data.
Likewise, the department of Public Security is comprised of a unit which solely focuses on generating response like ransomware removal and recovery process while battling cyberthreats. In these processes, the provincial police and the administration assists the department to quickly engage in detection, response, and recovery processes.
However, Harvey raised a major point: the municipalities do not fall under the mandate of this unit as they are considered as “autonomous” and therefore they have to overlook their cybersecurity by themselves.