Suspicious activity found on 48,000 CRA accounts after cyberattacks

OTTAWA _ The Treasury Board of Canada says it has uncovered suspicious activities on more than 48,000 Canada Revenue Agency accounts following cyberattacks in July and August.

The treasury says the previously-announced attacks targeted CRA accounts and GCKey, an online portal through which Canadians access employment insurance and immigration services.

Attackers used a method called credential stuffing, which takes advantage of people who reuse usernames and passwords across multiple platforms that may have been previously hacked.

The treasury says GCKey was not compromised, but it has revoked 9,300 credentials for its system and is contacting those users in hopes of blocking subsequent attacks.

Canadians who receive a revocation message can register for new credentials or make use of the SecureKey Concierge, which lets users sign in to 269 government services through partners, such as major banks.

The treasury says the Royal Canadian Mounted Police’s investigation into the attacks is still ongoing and affected departments have been in contact with the Office of the Privacy Commissioner to provide updates on what personal information has been compromised.

New Cybersecurity Initiative Finds That a Majority of Canadians Have Been the Victim of a Cybercrime

New Cybersecurity Initiative Finds That a Majority of Canadians Have Been the Victim of a Cybercrime

TORONTO, July 9, 2020 /CNW/ – The Cybersecure Policy Exchange (CPX), powered by RBC, today launched a report setting out an ambitious policy agenda that addresses findings from new survey data of 2,000 Canadians collected in mid-May. The report sheds light on Canadians’ online experiences and their priorities related to cybersecurity and digital privacy.

The goal of CPX is to broaden and deepen the discussion about cybersecurity and digital privacy policy in Canada, and to create and advance innovative policy responses, from idea generation to implementation.

“We live and work in a time of unprecedented technology development and adoption —

further accelerated by events like COVID-19,” said Charles Finlay, Executive Director of Rogers Cybersecure Catalyst. “We need urgent national policies that protect our security and digital privacy, while ensuring equal access for all. That is why we developed CPX–to be a platform for debating and advancing cybersecurity policy that is of critical importance to all Canadians.”

To lay the groundwork for these discussions, CPX undertook a survey of Canadians; some key findings from the report “Advancing a Cybersecure Canada” include:

  • 57% of Canadians reported being the victim of a cybercrime;
    • 31% unintentionally installed or downloaded a computer virus or malware;
    • 28% experienced a data breach that exposed personal information; and
    • 22% had an online account hacked;
    • 13% have been a victim of phishing; and
    • 8% have unintentionally installed or downloaded ransomware.
  • Since the start of the COVID-19 pandemic, Canadians have adopted new technologies to stay connected making them more vulnerable to privacy and security risks. 55% of Canadians have used Facebook Messenger and 46%have used Zoom.
  • Only 26% of Canadians with a smart speaker or voice-operated assistant have restricted the information it can access through its settings.

CPX will focus its work on three high-impact technologies:

  1. Social Media Platforms: Online platforms that enable users to connect and share user-generated content.
    • Only 15% of Canadians trust Facebook to keep their data secure, compared to 62% who trust the federal government and 73% who trust health care providers.
  2. Internet of Things (IoT): Physical networked devices connected to the Internet, from consumer electronics, to larger industrial and infrastructure applications.
    • 68% of Canadians have at least one smart device in their home.
  3. Biometrics and Facial Recognition: Technologies that measure and analyze a person’s physical or behavioural attributes to recognize or confirm identities, such as facial recognition.
    • 41% of Canadians are uncomfortable with being captured by video doorbells like Amazon’s Ring, and 15% support a ban on these products.

This report marks the launch of CPX’s agenda to develop public policy solutions, and raise awareness to the privacy and security challenges of each of these technologies.

“Cybersecurity has quickly become one of the most important issues of our time,” said Laurie Pezzente, Senior Vice-President of Global Cyber Security and Chief Security Officer at RBC. “As a leading organization in cybersecurity entrusted to keep our clients data safe and secure, RBC is proud to support the Cybersecure Policy Exchange and its ambitious policy agenda. Questions of privacy and security are paramount for all Canadians and policymakers, and proper governance of these issues will ultimately contribute to a more prosperous and equitable world.”

On Tuesday, July 14th from 1:30pm – 3:00pm EST members of the CPX team from RBC, Rogers Cybersecure Catalyst and Ryerson Leadership will convene for a live discussion to breakdown their new agenda, survey results and elaborate on the current cybersecurity threat landscape. More information and the registration link can be found here.

Through close public and sectoral engagement with the general public, government, academia and civic institutions on each of these urgent challenges, CPX will work to advance the responsible governance of this technology to protect Canadians.

The full findings are available at https://www.cybersecurepolicy.ca/agenda. An anonymous survey was conducted online by Pollara Strategic Insights on behalf of the Cybersecure Policy Exchange with 2,000 Canadian residents 18 years of age or older, from May 14 to 22, 2020. As a guideline, a probability sample of this size would yield results accurate to +/- 2 percentage points, 19 times out of 20. The data were weighted by region, gender and age, based on the most recent Canadian census figures to ensure that the sample matched Canada’s population.

The Cybersecure Policy Exchange is a new initiative from Ryerson University, dedicated to advancing effective and innovative public policy in cybersecurity and digital privacy. The Cybersecure Policy Exchange is powered by RBC through Rogers Cybersecure Catalyst and the Ryerson Leadership Lab.

Cybersecure Policy Exchange
cybersecurepolicy.ca | @cyberpolicyx
cybersecure.policy@ryerson.ca

SOURCE Ryerson University

 

Coalition, a technology-enabled cyber insurance & security firm, has entered the Canadian market

Coalition, a technology-enabled cyber insurance & security firm, has entered the Canadian market

Coalition, the leading cyber insurance and security company in the US, today announced it is expanding its offering to Canada-based companies, providing proactive cybersecurity products and services and best-in-class cyber and technology error & omissions insurance to help keep businesses safe. Coalition will offer up to CAD $20 million of comprehensive insurance coverage supported by the financial strength of Swiss Re (A.M. Best A+) to companies with up to CAD $1 billion in annual revenue. Through Coalition’s online platform, licensed insurance brokers are able to generate a quote in minutes and also provide their clients with access to Coalition’s proprietary cybersecurity tools and services that are designed to detect, mitigate, and contain threats at no additional cost.

Cyber threats know no boundaries — technology has introduced a range of new threats to businesses irrespective of their location that are not well covered by traditional insurers. Coalition’s global cybersecurity platform provides businesses the risk management support they need most, including help preventing incidents in the first place, and support during and after a crisis. With this expansion, Coalition is proud to advance its mission to solve cyber risktogether with Canadian businesses by not only helping to prevent cyber attacks, but helping businesses survive them when they occur.

“Cyber risk is a global problem in need of a global solution,” said Shawn Ram, Head of Insurance at Coalition. “The future of cyber security and insurance are integrated solutions to protect against cyber incidents across all asset types. We’re excited to make this future a reality across the Canadian market.”

Coalition’s approach to cyber insurance is rooted in risk management and mitigation, bringing together cyber security expertise with the safety of insurance to provide the first truly holistic approach to solve cyber risk:

  • Risk mitigation: Coalition provides free cybersecurity tools to help businesses manage and mitigate cyber risk, and comprehensive cyber insurance to help them recover after an incident. Coalition’s comprehensive solution helps companies improve their cybersecurity, mitigate incidents when they occur, and help companies recover financially in the aftermath.
  • Superior claims handling and incident response: all policyholders receive 24/7/365 access to Coalition’s in-house team of security and incident response experts. Together with hand-picked partner firms (including public relations, legal, and crisis management experts), Coalition stands ready to help organizations quickly recover from a cyber incident.
  • Aligned incentives: Coalition is changing the paradigm in cybersecurity by aligning economic incentives with its customers. Unlike a traditional cybersecurity company, Coalition shares its customer’s incentives to prevent and mitigate losses.

“Coalition is more than just an insurance solution,” said Joshua Motta, CEO of Coalition. “Our expansion into Canada will give us greater visibility into cyber losses, and even more resources to combat cybercrime, on a global basis.”

For more information, visit coalitioninc.ca.

About Coalition
Coalition is the leading provider of cyber insurance and security, combining comprehensive insurance and proactive cybersecurity tools to help businesses manage and mitigate cyber risk. Backed by leading global insurers Swiss Re Corporate Solutions, Lloyd’s of London, and Argo Group, Coalition provides companies with up to USD $15 million of cyber and technology insurance coverage in all 50 states and the District of Columbia, as well as CAD $20M of coverage across all 10 provinces in Canada. Coalition’s cyber risk management platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses remain resilient in the face of cyber attacks. Headquartered in San Francisco, Coalition has presences in New York, Los Angeles, Chicago, Dallas, Washington DC, Miami, Atlanta, Denver, Austin, and now Vancouver and Toronto.

SOURCE Coalition

Related Links

http://coalitioninc.ca

 

Six months after cyberattack, LifeLabs says it has appointed a CISO and rolled out new security policies

Six months after cyberattack, LifeLabs says it has appointed a CISO and rolled out new security policies

ITworld Canada

Half a year after suffering arguably the worst data breach in Canadian history, LifeLabs provided its customers with an update on what it’s doing to make sure history isn’t repeated.

In an email obtained by IT World Canada, LifeLabs chief executive officer Charles Brown released a statement to customers on June 11, noting “I cannot change what happened, but I assure you that I have made every effort toward making change to provide you services you can trust.”

Here is the list of changes LifeLabs is introducing, according to the email:

Part of an email from June 11 sent to LifeLabs customers. According to his LinkedIn profile, LifeLabs’ former senior IT manager was appointed to be the CISO last December.

Brown also wrote that the breach delivered LifeLabs a stern reminder that “we must continuously work to protect ourselves against cybercrime” and that “data protection and privacy are now central to everything we do.”

The update from LifeLabs comes on the heels of a report from data protection company Veritas that says public consumers are seeking apologies, fines and even prison sentences for CEOs who fail to protect their businesses. Forty per cent of consumers hold business leaders personally responsible for ransomware attacks businesses suffer, according to the Veritas survey, which interviewed roughly 12,000 consumers. Thirty per cent would demand the CEO be banned from running a company if it suffered a cyberattack. Twenty-three per cent of those surveyed want to send CEOs to prison for mishandling data.

And despite nearly 90 per cent of respondents in a recent survey conducted by The Office of the Privacy Commissioner of Canada (OPC) saying customer privacy is an important corporate objective, only 60 per cent of those businesses say they have procedures in place to respond to customers’ requests to access their personal information.

Source: IT World Canada

CPA Canada hit by cyberattack affecting data of more than 329,000

TORONTO _ A cyberattack on the Chartered Professional Accountants of Canada website has affected the personal information of more than 329,000 members and stakeholders, the organization said.

The information includes names, addresses, emails and employer names, but passwords and credit card numbers were protected by encryption, CPA Canada said.

It warned the data could be used in email phishing scams and encouraged those affected to  “remain vigilant.”

The attack by  “unauthorized third parties” occurred between Nov. 30 and May 1, according to an internal investigation carried out with the help of cybersecurity experts.

The organization said it beefed up its security measures and contacted the Canadian Anti-Fraud Centre and privacy authorities after learning of “a possible security incident” the week of April 20.

“Upon discovering this, CPA Canada took immediate steps to secure its systems and conduct a thorough analysis to determine what information may have been involved,” the group said in an email.

“There is no evidence that the encryption keys were affected in this incident and we have no reason to believe the encryption was compromised.”

The personal information relates mainly to the distribution of CPA Magazine and everyone affected has been notified, the organization said.

Hacks against a wide range of companies since 2018 have included medical test laboratory LifeLabs and credit union Desjardins, which combined saw the theft of the personal information of more than 19 million Canadians.

 

COALITION RAISES $90 MILLION IN FUNDING TO BUILD THE FUTURE OF CYBER INSURANCE

Existing investor Valor Equity Partners led Series C round; largest ever cyber insurance funding round

SAN FRANCISCO — May 20, 2020 — Coalition, the leading cyber insurance and security company, today announced it has raised $90 million in equity capital to fuel its mission to solve cyber risk, and support its rapid growth and global expansion. Valor Equity Partners led the funding with participation from Felicis Ventures, Greyhound Capital, and Coalition’s existing investors.

The investment comes as the company’s customer base crosses 25,000 — a 600% increase from the prior year — making it one of the largest providers of cyber insurance and security in the United States. Coalition’s unique product offerings combine best-in-class insurance and proactive cybersecurity tools to help keep businesses safe. Cyber losses cost the global economy upwards of $1.5 trillion each year, and yet the majority of businesses are under-insured and under-prepared to manage and mitigate the risks of an increasingly digital world. Coalition is addressing this gap by providing no-cost cybersecurity tools to prevent losses, security and incident response services to contain them, and comprehensive cyber insurance to help organizations recover from failures and breaches.

“Cybersecurity isn’t a technology problem, it’s a risk management problem,” said Joshua Motta, Founder and CEO of Coalition. “Traditional cybersecurity technology such as firewalls and antivirus were designed to protect networks, not businesses. Coalition protects an entire business by offering cybersecurity-as-a-service without any additional hardware or software, security and incident response services, and comprehensive insurance cover of up to $15 million.”

The announced funding will help Coalition target three key areas:

Cybersecurity Access: once accessible only to national governments and large enterprises, Coalition will continue to make available, at no cost, state-of-the-art cybersecurity capabilities to small and midsize businesses. Coalition’s small and midsize policyholders experienced claims that cost an average of $160,000 — an expense that few businesses can afford to bear. “Businesses need more protection than traditional insurers can offer, including help preventing incidents from happening in the first place, and support during and after a crisis,” said Vivek Pattipati, Partner at Valor Equity Partners. “We believe Coalition will be as disruptive to the cybersecurity industry as it has been to the insurance industry.”

International Expansion: cyber risks know no boundaries, and Coalition plans to make its offerings available globally starting with Canada. “As the entire world becomes increasingly digital, Coalition has a tremendous opportunity to address the real risks that cyber poses across many markets,” said Pogos Saiadian, Partner at Greyhound Capital.

New Products: Coalition plans to develop additional insurance products to address a new range of threats technology brings to both tangible and intangible assets — many of which are not well covered by traditional insurance policies. “The future of cyber insurance is in integrated solutions to protect against cyber incidents across all asset types,” said Sundeep Peechu, Managing Director at Felicis Ventures. “Coalition is uniquely positioned to challenge the status quo of insurance by unraveling the complexity of modeling and pricing cyber as a peril.”

Antonio Gracias, Founder and CEO of Valor Equity Partners said: “We view Coalition as a category-defining company that is fundamentally changing the way organizations engage with insurance. Coalition is one of the fastest growing insurance technology companies despite raising a fraction of the capital of its peers.”

In total, Coalition has raised $125 million in equity funding from investors, including Vy Capital, Ribbit Capital, Hillhouse Capital, Valor Equity Partners, and Greenoaks Capital, among others. All existing investors participated in Coalition’s latest round of funding.

To learn more about Coalition, visit coalitioninc.com.

Coalition is the leading provider of cyber insurance and security, combining comprehensive insurance and proactive cybersecurity tools to help businesses manage and mitigate cyber risk. Backed by leading global insurers Swiss Re Corporate Solutions, Lloyd’s of London, and Argo Group, Coalition provides companies with up to USD $15 million of cyber and technology insurance coverage in all 50 states and the District of Columbia, as well as CAD $20M of coverage across all 10 provinces in Canada. Coalition’s cyber risk management platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses remain resilient in the face of cyber attacks. Headquartered in San Francisco, Coalition has presences in New York, Los Angeles, Chicago, Dallas, Washington DC, Miami, Atlanta, Denver, Austin, and now Vancouver and Toronto.

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from ILSTV

You have Successfully Subscribed!

Pin It on Pinterest