The past year has been difficult for Canadian organizations. They've had to deal with the repercussions of several cyberattacks, ranging from a hacking attempt at Amnesty International Canada to a more severe attack that IKEA suffered due to an insider threat.

The Canadian government, foreseeing such issues, had come up with a cybersecurity action plan in 2018 and planned to implement it by 2024.

What does the action plan aim to do?

In 2017, the Canadian government released a cyber review report based on consultations from both the public and experts in the industry. In 2018, as a response to the review, the government came up with a national cybersecurity strategy (NCSS). The strategy outlines three main goals:

  • Security and resilience
  • Cyber innovation
  • Leadership and collaboration

Canada's action plan for cybersecurity consists of the various initiatives involved in fulfilling these three goals, the departments involved in implementing these initiatives, and the target end dates. It serves as a list of action items and a roadmap that the federal departments involved can use to execute the strategy effectively.

Keeping the action plan relevant to the current threat landscape

Despite the notable increase in cyberattacks worldwide, there has not been a significant change in the way organizations approach cybersecurity. They need to take more proactive measures and adopt cyber resilience. Canada is no exception. According to the National Cyber Threat Assessment 2023-2024, some of the biggest cyberthreats Canada will face include ransomware, state-sponsored cybercrime, and attacks aimed at the country's critical infrastructure.

Notably, while Canada released the NCSS in June 2018, Public Safety Canada (PS) was tasked with the implementation of the initiatives in 2019, when the COVID-19 pandemic hit the world. As the years have progressed, so has the impact of the pandemic.

The COVID-19 pandemic has led to increased usage of the internet and IoT devices. Due to the adoption of remote and hybrid work cultures, there has been a rise in industrial IoT usage as well. This increases the attack surface and the number of vulnerabilities criminals can exploit. Attacks on operational technology that are triggered by supply chain vulnerabilities have increased as well. While regularly patching systems helps, cybercriminals will continue to search for unpatched systems to exploit and attack.

Foreseeing this, the Canadian prime minister mandated a periodic renewal of the strategy in 2021. While it's a little too soon to judge how effective this move could be, according to the 2022 mid-term evaluation, the plan has been effective in terms of PS reaching out to the 10 critical infrastructure sectors through its projects. However, PS continues to face budget and implementation issues. This is common in organizations and governments around the world; global cybersecurity spending is expected to cross USD 260 billion by 2026. There is a need to implement cost-effective strategies, especially for SMBs, which are the most vulnerable targets of cyberattacks.

To learn more about how a SIEM solution can help fulfill your cybersecurity needs in the most cost-effective way possible, sign up for a free, personalized demo with our product experts.

  • Please enter a business email id
  • By clicking 'Read the ebook', you agree to processing of personal data according to the Privacy Policy

Get the latest content delivered
right to your inbox!

Thank you for subscribing.

You will receive regular updates on the latest news on cybersecurity.

  • Please enter a business email id
    By clicking on Keep me Updated you agree to processing of personal data according to the Privacy Policy.

Expert Talks


© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.