Cybersecurity expert says attack affecting ICBC points to broader trend
Posted March 18, 2021 10:32 am.
Last Updated March 18, 2021 12:30 pm.
VANCOUVER (NEWS 1130) – An expert says the COVID-19 pandemic has created “the perfect psychological storm” for an increase in cyberattacks.
Dominic Vogel’s comments come after the high-profile cyberattack involving ICBC this week, resulting in a delay to rebate cheques being sent out to British Columbians.
“You know, we’ve definitely seen a noticeable increase in social engineering scams and other cyberattacks facing mainly small-, mid-size organizations, but larger organizations as well,” Vogel, the founder and chief strategist at Cyber SC, said. “We’ve definitely entered a new prime wave, shall we say, when it comes to cyber crime.”
After the cyberattack involving ICBC, an expert says we can't become numb and we should be advocating for changes to data security and data privacy.
— Amanda Wawryk (@AmandaWawryk) March 18, 2021
He believes after the latest attacks involving TransLink and ICBC, remote work could be part of the issue.
“Often you’ll have a phishing email that comes in that people would be able to ask their colleagues. Now, you have a very different paradigm where people are working remotely, they’re working at home, they’re working in very distracted environments,” he explained, adding people have also become tired and distracted, and not quite as alert as they may normally be.
Vogel adds consumers should focus on advocacy and hold organizations more accountable and let various levels of government know that they want to see more regulations around data security and privacy.
The cyberattack linked to ICBC was against a third-party vendor contracted to provide printing and distribution services that held information such as customer names, addresses, rebate amounts, and cheque numbers. However, ICBC has said there is no indication that information has been accessed.
The minister responsible for ICBC said on Thursday that the third-party vendor took immediate steps to safeguard information when it learned of the attack.
Mike Farnworth says his department is working hard to get the rebate money out to drivers.
“We want to ensure the cheques go out as expeditiously as possible. I am saying the next few weeks because I can’t say for certain like, in the few days or next week,'” Mike Farnworth said Thursday.
“It is being investigated both in terms from a cyber security aspect and obviously, the company is having to deal with the fact this is a criminal attack,” he added.
Min Resp for @icbc @mikefarnworthbc talking about cyberattack they say is delaying #covid19 rebate cheques.
He says when thrid party vendor learnd of attack ICBC took immediate steps to safeguard information.#bcpoli @NEWS1130
— LizaYuzda (@LizaYuzda) March 18, 2021
Vogel says though the ICBC attack was against a third-party and not the insurer’s internal systems, it still points to a broader trend.
“Namely, what’s referred to as ‘supply-chain attacks’. While a company’s internal systems may not have been affected, somewhere along the supply chain, one of their vendors that they rely on, was affected. So I think it’s really important for organizations — whether it be TransLink, ICBC, public sector, private sector — that they really start looking at cybersecurity and cyber risk management holistically,” he explained, adding businesses need to look at all of the systems, companies, and platforms they rely on, not just their own.
Related video: ICBC COVID-19 rebate cheques delayed due to cyberattack
On Dec. 2, TransLink said it was targeted by a cyberattack, forcing it to shut down some of its services.
Later that month, the union representing Metro Vancouver bus drivers confirmed many of its members’ pay was also impacted by the hack.
-With files from Nikitha Martins