Go to the Globe and Mail homepage

Jump to main navigationJump to main content

John Proctor, the head of CGI Group’s cybersecurity division, says the company spots about 30 million ‘events’ on its customers’ networks every week. (COLE BURSTON FOR THE GLOBE AND MAIL)
John Proctor, the head of CGI Group’s cybersecurity division, says the company spots about 30 million ‘events’ on its customers’ networks every week. (COLE BURSTON FOR THE GLOBE AND MAIL)

Hacked: The escalating arms race against cybercrime Add to ...

Martin Knuth is one of Home Depot’s most loyal customers. But after the home improvement giant revealed last month that hackers had accessed the confidential credit card information of 56 million North American customers, the Regina retiree became concerned enough to help launch a class action lawsuit against the retailer.

So far, Mr. Knuth hasn’t found any fraudulent charges on his account – and he still shops at Home Depot. “It hasn’t changed my buying, per se,” said Mr. Knuth, who estimates he shops at his nearby Home Depot 10 times more than the average person. However, he acknowledged that the risk of his data being compromised “is still fairly high.”

Massive data breaches affecting tens of millions of people like Mr. Knuth are occurring with alarming frequency. In the past few months, a slew of hacks have taken place at companies such as Kmart, Staples, Dairy Queen and JPMorgan, where more than 80 million accounts were exposed. Three of the top 10 data breaches in history happened this year and experts say 2014 will be the worst on record, surpassing last year’s tally of 822 million exposed records worldwide, according to cybersecurity firm Risk Based Security. That’s almost double the number from 2011 and the actual figure could be far higher since experts say most breaches are kept quiet.

Up to now, data theft has been little more than an inconvenience for most victims, something consumers have more or less gotten used to. But the threats are accelerating. Data raiders have become more sophisticated and organized, and their attacks so crafty that breaches can go undetected for months. And they aren’t just pilfering credit card information, but stealing corporate secrets and in some cases threatening to lock users out of their computers unless they pay digital ransoms.

“We’ve created this perfect platform of evil,” with increasing reliance on the Internet that ties together mobile computers, social networks, cloud and websites, said David Dewalt, chief executive officer of FireEye Inc., a security software company in Milpitas, Calif. “You throw all that in a petri dish with no governance model, complete anonymity and a lot of intellectual property one click away. That creates a very interesting model for attackers to use to get into systems that we now completely rely on – our critical infrastructure, our smart grid, our transportation industry, our financial systems, our military.”

In response, data keepers, ranging from hospitals to governments and corporations, which now spend tens of billions of dollars a year on corporate security globally, have realized their main defences are ineffective at stopping the bad guys, and they will have to spend much more on newer more powerful tools in the coming years. The digital data arms race has just begun, and “it’s possible that it will go on for many decades,” said Larry Ponemon, whose Ponemon Institute tracks trends in the cybersecurity market. “At this point … it looks like we’re losing this battle.”

‘It’s about being resilient’

Visitors to CGI Group Inc.’s security operations centre in east-end Ottawa are greeted by an alarming sight: A digital world map engulfed in what looks like real-time nuclear war. Coloured missiles fire across the Atlantic Ocean from origin points in China and Eastern Europe. When they land in the United States, a ring expands out from the impact point, like a bomb going off. It’s a Thursday afternoon in mid-October, and the U.S. appears to be under full-on attack.

That’s exactly what’s happening, but the missiles are virtual and armed with ones and zeros. This is a “live threat map,” produced by security software firm Norse, and at this moment there are 770 live cyberattacks happening in the United States. In Canada, there are 50 cyberattacks ongoing.

More unsettling is that this map likely only shows a fraction of the cyberattacks actually under way, according to Chris McEwan, CGI’s vice-president of global cybersecurity services. “We don’t use this for anything” except for media and client visits, he admitted.

The building is one of 10 security operating centres deployed by Montreal-based CGI, an information technology service provider, and it’s feeding one of the company’s fastest-growing businesses, cybersecurity. CGI monitors data traffic for an undisclosed number of customers (clients include 40 Canadian government departments, the Canadian Payments Association and National Bank of Canada).

Report Typo/Error
Single page

Follow us on Twitter: @SeanSilcoff, @shanedingman

Next story




Most popular videos »

More from The Globe and Mail

Most popular