Cyber attacks are becoming increasingly common across both the public and private sectors. Cyber criminals use unauthorized access or malicious code to alter computer code, logic, or data resulting in disruptive consequences that can compromise data or misappropriate key systems and resources.
The United States Computer Emergency Response Team (US-CERT) program says a cyber-attack can include, but is not limited to:
- Attempts (either failed or successful) to gain unauthorized access to a system or its data
- Unwanted disruption or denial of service
- The unauthorized use of a system for the processing or storage of data
- Changes to system hardware, firmware or software characteristics without the owner's knowledge, instruction, or consent.
Cyber-attacks can also include the deployment of ransom malware or "ransomware." When a ransomware attack strikes an organization the end goal is not usually to expose personal information. Instead the attackers block access to certain operations or hold servers hostage. The attackers encrypt a number of systems and make them unusable. They also encrypt back-ups which can only be decrypted by a digital "key". In most cases, data theft or transfer is highly unlikely. Instead, it is of far greater benefit to the cyber-attacker to get paid by releasing the digital key.
In the last several years, many organizations - public and private sector - have taken significant steps to strengthen and harden their networks and other digital assets. Despite these wide-reaching efforts, some organizations may still fall victim to a ransomware attack.
When this occurs in a municipality, staff may encounter difficulties accessing and providing information you have requested, administering reservations and bookings, accepting and providing payments, and communicating electronically.
During these incidents, residents should be prepared to speak with municipal staff by phone or in person, expect longer processing times, and follow up on expected payments.
Types of Cyber Attacks
| Malware |
| Software that is designed to cause damage. |
| Phishing |
| A ploy to obtain sensitive information such as user names, passwords and credit card details by using deceptive emails and websites. |
| Ransomware |
| A type of malware that threatens to publish data or block access to it unless a ransom is paid. |
| Spoofing |
| An individual or program pretends to be a trusted source to gain information. |
| Whaling |
| A specific type of phishing attack targeting high-profile employees, such as the chief executive or chief financial officer who typically have access to sensitive data. The goal is to manipulate the executive to authorize high-value wire transfers. |
Resources
Information on this webpage is adapted from articles at:
https://www.getcybersafe.gc.ca/cnt/rsrcs/csam-tlkt-en.aspx
https://www.getcybersafe.gc.ca/cnt/rsrcs/nfgrphcs/index-en.aspx
Contact Us
Subscribe to this page
