Canadian cyber threat intelligence annual report

In the past year, the Canadian cyber threat landscape shifted radically. Geopolitical tensions mounted, economic conditions fluctuated and companies both in Canada and around the world continued their rapid digitization in the wake of the pandemic.

As governments and businesses grappled with how to enhance their resilience in the face of the evolving risk environment, threat actors embraced artificial intelligence (AI) and other innovations to enhance their attack strategies and power a broader array of increasingly complex and sophisticated cyberattacks.

More than two-thirds of Canadian executives consider cybercrime their most significant threat in the coming year.

Source: PwC Canadian Digital Trust Insights, 2023

In this report, we highlight the following:

Top cyber threats, threat actor motivations, threat actors and malware observed in Canada during 2022
Canadian industries most targeted by cyberattacks
Key trends expected to shape the Canadian threat landscape in 2023 and beyond
Recommendations about what executive teams should do to stay resilient in the changing cyber threat landscape

Canadian threat landscape: Top cyber threats in the past year

Ransomware

Ransomware was one of the biggest cyber threats to Canadian organizations, driven in part by the growth of affiliate programs and ransomware-as-a-service (RaaS) schemes.

State-sponsored threat actors

The war between Russia and Ukraine and its NATO allies, including Canada, significantly heightened the risk of state-sponsored cyber threats, particularly for companies in the critical infrastructure sector.

High-profile vulnerabilities

Both the volume and complexity of attacks targeting cyber vulnerabilities increased. Zero-day vulnerabilities were especially concerning to Canadian organizations.

Supply chain attacks

Threat actors increasingly used supply chain attacks (a.k.a. third-party attacks) to gain initial access to the networks and systems of target organizations.

Phishing

There was a steady rise in the number of business email compromise attacks and phishing campaigns aimed at Canadian organizations.

Cloud vulnerabilities and gaps

As Canadian companies continued to embrace cloud solutions, threat actors increasingly focused on identifying and exploiting unexpected or unknown vulnerabilities and gaps in their cyber defences.

DDoS attacks

A growing number of attacks included a distributed denial-of-service (DDoS) component aimed at overwhelming an organization’s servers, making sites and services inaccessible to legitimate visitors and users.

11% of Canadian CEOs believe their company will be either highly or extremely exposed to cyber risks over the next 12 months—18% over the next 5 years.

Source: PwC Global CEO Survey—Canadian highlights, 2023

Threat outlook for Canadian organizations

As geopolitical tensions mount and threat actors become more sophisticated, many Canadian organizations are wondering what they should do to stay on top of cyber threats.

Over the next year, we expect five key trends to influence the Canadian threat environment:

AI will reshape the cyber threat landscape

We saw quick developments in AI-powered cyberattacks during 2022. Mainstream developments, such as generative AI platforms and solutions, could become targets in 2023 and beyond. Yet even as threat actors look to use AI to enhance their cyberattack capabilities, AI can enable organizations to quickly detect and mitigate potential threats.

The sophistication of ransomware operators will surge

The ongoing uptake of the RaaS business model significantly changed the threat environment in 2022. In 2023, the accessibility of RaaS offerings will likely keep ransomware one of the most critical cyber threats to Canadian organizations. We expect ransomware operators will use increasingly sophisticated strategies to disrupt organizations and drive larger ransom demands.

Data breaches will remain a key threat, particularly third-party breaches

In 2023 and beyond, data breaches will likely continue to be a big threat for Canadian organizations—particularly breaches that are the result of third-party compromise. An organization’s security is only as good as the security of its weakest link. Organizations need to consider security risks associated with supply chain partners and other third parties.

Geopolitical tensions may drive additional cyber threat activity

In 2023 and beyond, it’s likely that ongoing conflict and tension between nation states will raise cyber risk levels and drive an increasing number of cyberattacks. The targets of these attacks won’t necessarily be limited to opposing governments—organizations operating in critical infrastructure and key industries could also find themselves at risk.

Threats focused on IoT and OT devices will increase quickly

The power that Internet-of-Things (IoT) and operational technology (OT) devices offer has made them a target for threat actors looking to disrupt business operations, public safety and national security. In 2023 and beyond, the complexity of managing IoT and OT security will likely drive many organizations to embrace a more holistic approach to cybersecurity.

Most targeted industries in Canada

In 2022, threat actors conducted a variety of cyberattacks aimed at companies in a broad range of sectors. Here are the top ten sectors affected by threat actors in Canada:

Services⁽¹⁾: 20%
Manufacturing: 16%
Public sector: 10%
Construction: 8%
Information and technology: 8%
Health care: 8%
Retail: 8%
Finance: 6%
Energy and utilities: 6%
Transportation: 4%

^{¹ The services sector includes a number of subsectors (e.g. hospitality, legal services, accounting services, management consulting, architectural engineering, automotive, advertising, marketing and education).}

A catastrophic cyberattack is the top scenario in 2023 resilience plans globally.

Source: PwC Global Digital Trust Insights, 2023