Executive Summary

In our highly connected digital society, Canadians and Canadian organizations rely on the Internet for both personal and professional activities. It is in this context that we assess cyber threats to Canadian individuals, businesses, and critical infrastructure, including government.

Cyber threat activity against Canadians often has financial or privacy implications. Yet cyber threat activity against Canadian businesses and critical infrastructure can have more far-reaching consequences, such as operational disruptions to the financial sector, large-scale theft of personal information, and even potential damage to infrastructure.

Key judgements

  • Cybercrime is the cyber threat most likely to affect Canadians and Canadian businesses in 2019. Cybercrime is evolving as cybercriminals take advantage of growing online markets for illicit goods and services in order to maximize their profits. Cybercriminals tend to be opportunistic when looking for targets, exploiting both technical vulnerabilities and human error.
  • Cyber threat actors — of all sophistication levels — will increase the scale of their activities to steal large amounts of personal and commercial data. Data, such as intellectual property and Canadians’ personal information, are used for theft and resale, fraud, extortion, or espionage.
  • Canadians are very likely to encounter malicious online influence activity in 2019. In the coming year, we anticipate state-sponsored cyber threat actors will attempt to advance their national strategic objectives by targeting Canadians’ opinions through malicious online influence activity.
  • State-sponsored cyber threat actors will continue to conduct cyber espionage against Canadian businesses and critical infrastructure to advance their national strategic objectives. More nationstates are developing cyber tools designed to conduct cyber espionage.
  • It is very unlikely that, absent international hostilities, state-sponsored cyber threat actors would intentionally disrupt Canadian critical infrastructure. However, we also assess that as all manners of critical infrastructure providers connect more devices to the Internet, they become increasingly susceptible to less-sophisticated cyber threat actors, such as cybercriminals.
  • Sophisticated cyber threat actors will likely continue to exploit the trusted relationships between businesses and their suppliers and service providers for espionage and cybercrime purposes.
  • Cyber threat actors are adopting more advanced methods, such as compromising hardware and software supply chains, making detection and attribution more difficult.

Image Description

Adopting even basic cyber security practices can help thwart cyber threat actors and reduce the threats to Canadians and Canadian businesses.

Date modified: