Skip to main content
The Globe and Mail
Get full access to globeandmail.com
Support quality journalism
Just $1.99 per week for the first 24weeks
Just $1.99 per week for the first 24weeks
The Globe and Mail
Support quality journalism
Get full access to globeandmail.com
Globe and Mail website displayed on various devices
Just$1.99
per week
for the first 24weeks

var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(select.open)}function setPanelState(o){dom.root.classList[o?"add":"remove"](select.open),dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){console.log("scroll");var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))}pencilInit(".js-sub-pencil",!1);

LifeLabs signage is seen outside of one of the lab's Toronto locations, Tuesday, Dec. 17, 2019. The LifeLabs breach included a database containing health-card numbers, passwords and more, while as many as 85,000 Ontarians’ medical-test results were obtained.

Cole Burston/The Canadian Press

When LifeLabs Medical Laboratory Services revealed in December that the personal information of as many as 15 million Canadians had been stolen in a cyberattack, it had the distinction of capping off a historical year for Canadian data breaches.

Even before the LifeLabs incident, most Canadians – more than 28 million – were affected by 680 breaches between Nov. 1, 2018, and October, 2019, according to the federal privacy commissioner.

There were four million people who had data stolen from the Desjardins Group credit union. A Capital One Financial Corp. breach affected six million Canadians. In mid-December, the LifeLabs breach included a database containing health-card numbers, passwords and more, while as many as 85,000 Ontarians’ medical-test results were obtained.

Story continues below advertisement

Innovation has always been an arms race – not just among companies and countries, but between bad actors and everyone else. Advances in cybersecurity are met with advances in threats: data breaches, ransomware and privacy infringements as personal as in-home camera hacking. And cybersecurity experts say Canadian governments, citizens and businesses each need to arm themselves for the coming threats.

Things are going to get worse.

“Breaches are not going away,” says Sylvia Kingsmill, a Toronto-based KPMG partner who leads its national privacy and information-management team. “They’re going to increase in size, scope and magnitude. And they’re going to be happening in parallel with one another.” Senior corporate managers need to recognize that this is going to be the new norm. “Try and take preventative steps to pretend like it’s going to happen every day,” Ms. Kingsmill says.

Ray Boisvert, a former assistant director with the Canadian Security Intelligence Service who is now a security-focused associate partner with IBM Canada, adds: “Threat actors are so profitable they can keep investing in themselves.” Companies don’t just need to increase cybersecurity budgets to prevent problems − they also need a response plan in place. This includes a plan to responsibly communicate what happened in an attack to customers, stakeholders and the media, Mr. Boisvert says.

Governments will need to act.

Canadian law is particularly toothless when it comes to data breaches. “There are no consequences in Canada,” says David Shipley, chief executive of Beauceron Security Inc. in Fredericton. “It doesn’t have to be this way.” While Ottawa unveiled a “digital charter” in 2019 and promised data-protection legislation, federal Privacy Commissioner Daniel Therrien has argued that the government’s promises don’t go far enough.

Mr. Shipley agrees, pointing to the European Union’s General Data Protection Regulation, implemented in 2018, which allows countries to fine organizations for insufficient data-security measures.

Story continues below advertisement

How does Canada compare? “Imagine you’re a crime-scene investigator,” he says, “but you can’t charge the perpetrator. … If companies are not held accountable, they will not invest in security.”

New ways in.

Security experts have a range of views on smart home devices such as the Google Home speaker or the (reportedly rather hackable) Amazon Ring cameras. Few of those views are optimistic; some are dire.

“Don’t put internet-connected cameras in your house; don’t put internet-connected microphones in your house,” Mr. Shipley says.

Others take a more moderate approach; Greg Young, the Ottawa-based vice-president of cybersecurity at Trend Micro Inc., says people simply need to be cautious – don’t install cameras indoors, for instance, or at least ensure they’re off when you’re home.

This gets more complicated when intertwined with another trend: remote work. Employees working outside of a company network need to take extra precautions with network security, and keep smart recording devices out of their work space, Mr. Young says. “Even if they work for a secure company, their home environment may not be secure.”

Story continues below advertisement

Threats will get more creative.

As artificial-intelligence technology continues to rapidly mature, so, too, will the abilities of bad actors. Manipulated videos or audio recordings using “deepfake” AI tech could be used to manipulate investors, and in turn, stock prices; workers could be duped by fake recordings of managers or executives to work against a company’s best interest.

And while the growing number of sensors and computing capabilities in industrial devices can help companies become more efficient, they can also become security risks without precaution and planning. The further development of more powerful and faster 5G telecom networks and hardware, too, will come to the fore in 2020 −particularly as Canada continues to weigh the risks of letting Huawei Technologies Co. Ltd. deploy its 5G tech here.

The downside of quantum innovation.

As powerful quantum computing becomes more accessible in the coming years, it will come with danger. Researchers at the U.S. National Institute of Standards and Technology believe that quantum computers could crack today’s encryption standards within the next decade. Businesses need to review their encryption systems now and prepare to be agile.

“2020 is really the time to be thinking about how you factor that into design plans,” says Scott Totzke, CEO of Waterloo, Ont., quantum-security firm ISARA Corp.

Story continues below advertisement

Your time is valuable. Have the Top Business Headlines newsletter conveniently delivered to your inbox in the morning or evening. Sign up today.

Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies