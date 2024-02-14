Toronto library, zoo attacks show public bodies need to boost cybersecurity: experts

Library
A person leaves Toronto Public Library in Toronto on Friday, Oct. 2, 2020. As the Toronto Public Library gradually works to restore full service following a crippling October cyberattack, experts are warning that public organizations need to find ways to bolster their ransomware defences, despite having limited resources. THE CANADIAN PRESS/Nathan Denette.

By Maan Alhmidi, The Canadian Press

Posted February 14, 2024 10:08 am.

As the Toronto Public Library gradually works to restore full service following a crippling October cyberattack, experts are warning that public organizations need to find ways to bolster their ransomware defences, despite having limited resources. 

A few months after the library attack, another city-owned institution suffered a digital breach: the Toronto Zoo announced last month that personal information of its current, former and retired employees had been stolen.

The zoo has said the attackers gained access to past earnings information, social insurance numbers, birthdates, phone numbers and addresses of employees going as far back as 1989.

A local library network and a city zoo may not immediately seem like prime targets for the global ransomware industry, but one expert said they have a lot to offer prospective attackers. 

Charles Finlay, the executive director of Rogers Cybersecure Catalyst at Toronto Metropolitan University, said public organizations make good targets because they store substantial amounts of personal employee data and because taxpayers expect them to be open and functioning. 

Public organizations “are not going to be able to stay out of operation for very long and this provides leverage to the ransomware attackers to extort (payments),” he said. “Attackers view these organizations as having the resources to pay significant ransoms.”

There is no indication the library paid a ransom, but restoring services has been a painstaking process. 

In a statement released Monday, more than three months after the attack, the Toronto Public Library said it was beginning to put books back on shelves but that its catalogue and personal accounts would likely remain offline until later this month.  

Related:

The zoo attack appears to have been significantly less damaging in terms of operations, but the zoo has offered all potentially affected current and former employees a complimentary two-year credit monitoring service as a “proactive step.”

Finlay said that to guard against future damage, public organizations need to embrace cybersecurity best practices, including two-factor authentication, regular software and password updates and not clicking on links in emails from untrusted senders.

Attackers adjust quickly and public bodies need to evolve as the threats change, he added.  

“Ransomware is a multibillion-dollar global industry,” he said. “It’s exceptionally lucrative. It is a very sophisticated industry with its own supply chains. It’s an industry that innovates at a very fast pace.

“If you can make it just a little bit more expensive, a little bit more difficult for a ransomware gang to successfully attack your organization, they will go and look for something else to do,” he said.

Cybersecurity expert David Shipley of Beauceron Security in Fredericton noted that attackers typically strike in areas where they don’t live to reduce the likelihood of being pursued by law enforcement. 

“Most cyber criminals know it’s really, really dumb to hack in the same jurisdiction where you live, because that’s when you’re most likely to actually get caught and prosecuted,” he said.

Related:

Kim Crawley, a prominent cybersecurity writer, noted that even corporations that make substantial profits often struggle to budget enough for digital security. 

“So imagine if you are an entity that’s a government service that does not exist to generate profit, like the library,” she said. 

“Those entities don’t exist to make money, so there might be even less incentive to spend money on cybersecurity. And then you can’t even just decide to spend money on cybersecurity, because then what if that gets to be challenged in the library board or in city hall?”

Public and community bodies should look to pool resources to enhance their collective defences, she said. 

The City of Toronto has said recently it is looking to bring its various boards and agencies under a single central IT system. The city said neither the zoo nor the library were part of its central IT systems prior to the recent attacks, nor did they fall under the responsibility of the Office of the Chief Information Security Officer.

Crawley said one challenge is that some decision-makers still view cyber expenses as a waste of money.  

“I hope that this is a wake-up call for the Toronto Public Library and other organizations,” she said. “If they can’t afford to run their own security operation centre, they can share a security operation centre with other organizations.”

Submit a Correction
Accessibility Feedback

Top Stories

Significant snow on the way for Toronto, GTA. Here's when it will arrive
Significant snow on the way for Toronto, GTA. Here's when it will arrive

Torontonians may need to break out the snow shovels ahead of the Family Day long weekend with the first significant snowfall of the month expected to hit the city this week. There is a slight chance...

4h ago

Suspects forcibly remove driver from vehicle in North York carjacking: police
Suspects forcibly remove driver from vehicle in North York carjacking: police

Toronto police say two people have been arrested following a carjacking at a gas station earlier this week in North York. Officers were called to the area of Don Mills Road and Sheppard Avenue East...

2h ago

Calls grow for national pharmacare after poll finds Canadians can't afford medication
Calls grow for national pharmacare after poll finds Canadians can't afford medication

There are deepening demands that the federal government roll out a national pharmacare program after two leading Canadian medical groups found some people are skipping their medication because it's too expensive.

1h ago

An unprecedented look inside the sex lives of Canadians
An unprecedented look inside the sex lives of Canadians

In today's Big Story Podcast, there's simply never been a Canadian sex survey that's comprehensive, scientific and intimate all at once. For decades we've relied on data from the United States, unscientific...

Big Story Podcast

3h ago

Top Stories

Significant snow on the way for Toronto, GTA. Here's when it will arrive
Significant snow on the way for Toronto, GTA. Here's when it will arrive

Torontonians may need to break out the snow shovels ahead of the Family Day long weekend with the first significant snowfall of the month expected to hit the city this week. There is a slight chance...

4h ago

Suspects forcibly remove driver from vehicle in North York carjacking: police
Suspects forcibly remove driver from vehicle in North York carjacking: police

Toronto police say two people have been arrested following a carjacking at a gas station earlier this week in North York. Officers were called to the area of Don Mills Road and Sheppard Avenue East...

2h ago

Calls grow for national pharmacare after poll finds Canadians can't afford medication
Calls grow for national pharmacare after poll finds Canadians can't afford medication

There are deepening demands that the federal government roll out a national pharmacare program after two leading Canadian medical groups found some people are skipping their medication because it's too expensive.

1h ago

An unprecedented look inside the sex lives of Canadians
An unprecedented look inside the sex lives of Canadians

In today's Big Story Podcast, there's simply never been a Canadian sex survey that's comprehensive, scientific and intimate all at once. For decades we've relied on data from the United States, unscientific...

Big Story Podcast

3h ago

Most Watched Today

2:55
Pro-Palestinian protest outside Mount Sinai Hospital sparks outrage
Pro-Palestinian protest outside Mount Sinai Hospital sparks outrage

All levels of government are condemning a demonstration outside Mount Sinai Hospital Monday, while pro-Palestinian protest organizers deny they were targeting the hospital and call the outrage a distraction.

13h ago

0:38
Ride-share drivers planning Valentine's Day strike to fight low wages
Ride-share drivers planning Valentine's Day strike to fight low wages

Drivers for companies like Uber and Lyft are planning to strike on Valentine's Day, which could impact many couple's celebration plans.

22h ago

0:38
Driver of truck facing impaired driving charges following crash on 427
Driver of truck facing impaired driving charges following crash on 427

As a result of the crash, one man was taken to hospital with serious injuries.

22h ago

0:34
Driving on the Gardiner Expressway is about to get more painful, for years
Driving on the Gardiner Expressway is about to get more painful, for years

Lane closures are coming to a stretch of the Gardiner for three years, making traffic getting into the city more congested.

22h ago

2:18
We could see some snow later in the week
We could see some snow later in the week

Skiers rejoice - we could finally see some snow in the forecast. Natasha Ramsahai has the details.

More Videos