WannaCry most dangerous to smaller companies, says Canadian cybersecurity firm

In its Ottawa cybersecurity war room Sunday, on a day they should have spent honouring their mothers, 40 CGI project managersfound themselves plotting battle strategiesagainst anonymous high-tech hostage takers.

As employees with Canada's largest IT services provider, they picked up call after call from concerned customersworried that the WannaCry ransomware attackwas targeting their networks.

• WannaCry ransomware: What you need to know
• How a perfect storm allowed a global ransomware attack to happen

CGI deployed more than 250 consultants to scan its clients' networks, butthe question was: could they install the patch beforeWannaCrywormed its way in?

Once it was in, themalwarewould use encryptionto lock down network data and demand aransom payment of $300 USto free the data.

According to John Proctor, vice-president of cybersecurity,as many as 30 percent ofCGI'sclients were at risk of being attacked by WannaCrybecause they still used older Microsoft operating systems such as Windows XP.

Microsoft had created a patch for the problem, but the companies who called for help didn't know it, leavingthemselves open to attack.

"They tend to be small-to-medium-size companies folks who don't have access to security resources, folks who don't have a security provider, and therefore they're generally not aware. For the vast majority of small-to-medium businesses that is the case," Proctor said.

Proctor saidthe companies that left themselves open to attack include businesses in the finance, oil and gas and retail sectors.

But after several days on the defensive, none ofCGI'sCanadian clients were taken hostage, said Proctor despite their initial vulnerabilities.

Global havoc

Worldwide, more than 200,000 computer systems have beeninfected in some 150 countries. In Britain, the virus has managed to wreak havoc in the network of the National Health Service, forcing hospitals to cancel procedures.

The picture is much different in Canada: the federal government wasn't affected, and the one hospital that was threatenedwas able to fend off the cyberattack.

How do we go after a cyber criminal element that may be operating in 11 countries simultaneously?- Andre Leduc, Information Technology Association of Canada

So farthere have been only five reported WannaCry attacks in Canada, but John Reid, presidentof the Canadian Advanced Technology Alliance, suspects the real number is much higher.

"It has to be seriously underreported because it's not something you want to tell your shareholders or the public," said Reid, adding that the spread of WannaCry should be a wake-upcall for all governments about the need forinternational cooperation.

"This is a major risk that has to be managed in the global economy, politically and culturally. You have to step up your monitoring technologies ... the earlier we can intercept and detect these viruses, the faster we can bring in the RCMP or whomever in other countries to prevent these attacks from starting in the first place," Reid said.

The RCMPwould not say if it's investigating any domestic WannaCry attacks, but in an email a spokesperson wrote thatthe force takes the issue of cybercrime seriously and "will work with international partners to investigate this global problem."

But over at the Information Technology Association of Canada (ITAC), there's lessoptimismthat the criminals behind such massive cyberattacks can be brought to justice.

Worldwide scale causing 'headaches'

"How do we go after a cybercriminal element that may be operating in 11 different countries simultaneously?" askedAndre Leduc, ITAC's vice president of government relations.

"Someone will be spreading the malwarefrom South America. Someone else will be running the spamin eastern Europe. Someone else develops the virus in southeast Asia. It's the kind of investigation that is insanely time-consuming and causes jurisdiction headaches."

Instead, Leduc said,each business no matter the size needs to be diligent in updating operating systems and running anti-virus and cybersecurity software.

And the one thing all technology experts agree on is thatmalwareattacks will continue to increase in frequency and grow in scope and sophistication.

"The best defense against cybercrime," said Leduc, "is defending your own system and networks."