Loading articles...

Cybersecurity expert says attack affecting ICBC points to broader trend

Last Updated Mar 18, 2021 at 12:30 pm PDT

(iStock Photo)
Summary

Expert believes pandemic has played a role in spike in recent cyber crimes

Cyberattack on ICBC third-party vendor delays rebate cheques to British Columbians

Cybersecurity expert says companies need to look at security holistically

VANCOUVER (NEWS 1130) – An expert says the COVID-19 pandemic has created “the perfect psychological storm” for an increase in cyberattacks.

Dominic Vogel’s comments come after the high-profile cyberattack involving ICBC this week, resulting in a delay to rebate cheques being sent out to British Columbians.

“You know, we’ve definitely seen a noticeable increase in social engineering scams and other cyberattacks facing mainly small-, mid-size organizations, but larger organizations as well,” Vogel, the founder and chief strategist at Cyber SC, said. “We’ve definitely entered a new prime wave, shall we say, when it comes to cyber crime.”

He believes after the latest attacks involving TransLink and ICBC, remote work could be part of the issue.

“Often you’ll have a phishing email that comes in that people would be able to ask their colleagues. Now, you have a very different paradigm where people are working remotely, they’re working at home, they’re working in very distracted environments,” he explained, adding people have also become tired and distracted, and not quite as alert as they may normally be.

Vogel adds consumers should focus on advocacy and hold organizations more accountable and let various levels of government know that they want to see more regulations around data security and privacy.

The cyberattack linked to ICBC was against a third-party vendor contracted to provide printing and distribution services that held information such as customer names, addresses, rebate amounts, and cheque numbers. However, ICBC has said there is no indication that information has been accessed.

The minister responsible for ICBC said on Thursday that the third-party vendor took immediate steps to safeguard information when it learned of the attack.

Mike Farnworth says his department is working hard to get the rebate money out to drivers.

“We want to ensure the cheques go out as expeditiously as possible. I am saying the next few weeks because I can’t say for certain like, in the few days or next week,'” Mike Farnworth said Thursday.

“It is being investigated both in terms from a cyber security aspect and obviously, the company is having to deal with the fact this is a criminal attack,” he added.

Vogel says though the ICBC attack was against a third-party and not the insurer’s internal systems, it still points to a broader trend.

“Namely, what’s referred to as ‘supply-chain attacks’. While a company’s internal systems may not have been affected, somewhere along the supply chain, one of their vendors that they rely on, was affected. So I think it’s really important for organizations — whether it be TransLink, ICBC, public sector, private sector — that they really start looking at cybersecurity and cyber risk management holistically,” he explained, adding businesses need to look at all of the systems, companies, and platforms they rely on, not just their own.

Related video: ICBC COVID-19 rebate cheques delayed due to cyberattack

On Dec. 2, TransLink said it was targeted by a cyberattack, forcing it to shut down some of its services.

Later that month, the union representing Metro Vancouver bus drivers confirmed many of its members’ pay was also impacted by the hack.

-With files from Nikitha Martins