PwC Canadian Cyber Threat Intelligence Report

• Canada’s cyber threat landscape is continuously changing with threat actors embracing artificial intelligence (AI) and other innovations to enhance their attack strategies
• A catastrophic cyberattack is the top scenario in 2023 resilience plans, globally

Toronto, June 8, 2023: PwC Canada has released the Canadian Cyber Threat Intelligence Annual Report which shows how the Canadian cyber threat landscape has shifted radically in the last year. Changes to the threat landscape have been further fueled by mounting geopolitical tensions, fluctuating economic conditions and rapid digitization in the wake of the pandemic. In fact, 11% of Canadian CEOs believe their company will be either highly or extremely exposed to cyber risks over the next 12 months—18% over the next 5 years. (Source: PwC Global CEO Survey—Canadian highlights, 2022)

As governments and businesses grapple with how to enhance their resilience in the face of the evolving risk environment, threat actors are embracing artificial intelligence (AI) and other innovations to enhance their attack strategies and power a broader array of increasingly complex and sophisticated cyber attacks.

The report highlights the top cyber threats in the past year which include sophisticated attacks such as ransomware, state-sponsored threat actors, supply chain disruptions, phishing attempts, and exploitation of vulnerabilities and gaps in cloud computing and solutions which have led to tremendous financial losses for Canadian organizations.

“Even as threat actors look to use new technological innovations and AI to enhance their cyberattack capabilities, AI can be used to enable organizations to quickly detect and mitigate potential threats,” says Umang Handa, Partner, National Cybersecurity Managed Services Leader, PwC Canada. “In 2023 and beyond, organizations will need to embrace a more holistic approach to cyber security to manage the complexity of the rapidly evolving cyber threat landscape.”

Over the next year, these five key trends will influence the Canadian threat environment:

1. AI will reshape the cyber threat landscape

2022 has seen rapid developments in AI-powered cyberattacks. Mainstream developments, such as generative AI platforms and solutions, could become targets in 2023 and beyond. Organizations will need to embrace these platforms and Generative AI driven tech, but also put in place the right controls, in order to secure the organization

2. We will see a surge in the sophistication of ransomware operators

In 2023, ransomware will be one of the most critical cyber threats to Canadian organizations. It is expected that ransomware operators will use increasingly sophisticated strategies to disrupt organizations and drive larger ransom demands.

3. Data breaches will remain a key threat, particularly third-party breaches

In 2023 and beyond, data breaches will likely continue to be a big threat for Canadian organizations—particularly breaches that are the result of third-party compromise. Organizations will need to consider security risks associated with supply chain partners and other third parties.

4. Geopolitical tensions may drive additional cyber threat activity

Ongoing conflict and tension between nation states will raise cyber risk levels and drive an increasing number of cyberattacks. The targets of these attacks won’t necessarily be limited to opposing governments—organizations operating in critical infrastructure and key industries could also find themselves at risk.

5. Threats focused on IoT and OT devices will increase quickly

The power that Internet-of-Things (IoT) and operational technology (OT) devices offer, make them a target for threat actors looking to disrupt business operations, public safety and national security.

As threat actors gain access to more sophisticated malware tools and technologies at minimum cost, cyberattacks are expected to become more targeted and potentially more damaging. Now more than ever, it will be imperative for organizations to have a trusted threat intelligence partner to provide timely and actionable threat intelligence to understand emerging threats and stay ahead of cyber attackers.

For more insights and recommendations on how to build resilience in the changing cyber threat landscape, read the Canadian Cyber Threat Intelligence Annual Report here.