Ignorance is not bliss when it comes to cybersecurity and digital privacy

Seemingly simple actions taken by Canadians are creating risks we couldn’t have conceived of just a few years ago.

Trust the wrong email and you can lock down a hospital’s computer system. Post the wrong remark on social media and you might be denied entry the U.S. Buy the wrong web cam and you might help a hacker bring down part of the Internet.

Seemingly simple actions taken by Canadians are creating risks we couldn’t have conceived of just a few years ago. We live in a digital world and Canadians are vulnerable in ways many don’t understand.

Let’s take the Internet of Things (IoT). Inexpensive devices such as Wi-Fi baby monitors, wireless speakers and connected coffee makers, examples of IoT devices, are growing in popularity. Their security implications are growing too and many Canadians remain unaware. Research conducted by CIRA in March 2017 showed that only 39 per cent of Canadians have heard of IoT.

If they haven’t heard of IoT, it’s unlikely they know that these devices are inexpensive for a reason. They cannot be updated and made cybersecure. It’s also unlikely that consumers understand the depth of the threats that lurk within them.

In 2016, an attack on U.S.-based Dyn and its domain name system (DNS) took down websites throughout the U.S. including Twitter, Netflix, CNN and many others. It turns out Dyn was attacked through a botnet network comprised mainly of IoT devices.

As the CEO of CIRA I’m acutely aware of what can happen to any DNS operator in the event of a successful attack. And it worries me that such an attack might occur because uninformed consumers buy IoT devices that could be used to perpetrate it.

Online privacy is another issue making headlines. We’re hearing reports that some Canadians may have to sacrifice privacy by handing over their smartphones and giving full access to everything within them when crossing the U.S. border. This is a legitimate concern and one many Canadians are ill-equipped to manage due to a lack of awareness and knowledge.

So what can we do?

First, organizations like CIRA must keep systems under their management as secure as possible. We do this every day. It is our job. But it’s also our responsibility to share our knowledge and expertise with Canadians.

One of the ways we approach this is through partnership. For example, CIRA’s Community Investment Program, which annually gives $1 million to organizations across Canada, is funding three projects this year that will enhance digital literacy in Canada, arming Canadians with information about IoT and how to protect personal data, including when heading south of the border.

Next, Canadians must take the information offered and act.  Whether it’s better understanding what email to open or identifying threats to their privacy, Canadians can and must learn more.

With IoT, there is another element. Given that many of the inexpensive IoT devices on the market cannot be made cybersecure, Canadians must first be aware of the possible implications of their purchasing decisions. Where available, I hope Canadians will make wiser choices. And where a better choice doesn’t exist, Canadians must demand this of industry. It’s about keeping themselves and all of us secure.

Cybersecurity and digital privacy issues are complex and no one organization nor individual can tackle them alone. Given the scalability of cyber threats and that they can target one person or device and essentially take down the Internet, it’s clear that mitigation is an all or nothing scenario. Everyone has a role to play.