Toronto library, zoo attacks show public bodies need to boost cybersecurity: experts
As the Toronto Public Library gradually works to restore full service following a crippling October cyberattack, experts are warning that public organizations need to find ways to bolster their ransomware defences, despite having limited resources.
A few months after the library attack, another city-owned institution suffered a digital breach: the Toronto Zoo announced last month that personal information of its current, former and retired employees had been stolen.
- Download our app to get local alerts on your device
- Get the latest local updates right to your inbox
The zoo has said the attackers gained access to past earnings information, social insurance numbers, birthdates, phone numbers and addresses of employees going as far back as 1989.
A local library network and a city zoo may not immediately seem like prime targets for the global ransomware industry, but one expert said they have a lot to offer prospective attackers.
Charles Finlay, the executive director of Rogers Cybersecure Catalyst at Toronto Metropolitan University, said public organizations make good targets because they store substantial amounts of personal employee data and because taxpayers expect them to be open and functioning.
Public organizations "are not going to be able to stay out of operation for very long and this provides leverage to the ransomware attackers to extort (payments)," he said. "Attackers view these organizations as having the resources to pay significant ransoms."
There is no indication the library paid a ransom, but restoring services has been a painstaking process.
In a statement released Monday, more than three months after the attack, the Toronto Public Library said it was beginning to put books back on shelves but that its catalogue and personal accounts would likely remain offline until later this month.
The zoo attack appears to have been significantly less damaging in terms of operations, but the zoo has offered all potentially affected current and former employees a complimentary two-year credit monitoring service as a "proactive step."
Finlay said that to guard against future damage, public organizations need to embrace cybersecurity best practices, including two-factor authentication, regular software and password updates and not clicking on links in emails from untrusted senders.
Attackers adjust quickly and public bodies need to evolve as the threats change, he added.
"Ransomware is a multibillion-dollar global industry," he said. "It's exceptionally lucrative. It is a very sophisticated industry with its own supply chains. It's an industry that innovates at a very fast pace.
"If you can make it just a little bit more expensive, a little bit more difficult for a ransomware gang to successfully attack your organization, they will go and look for something else to do," he said.
Cybersecurity expert David Shipley, of Beauceron Security in Fredericton, noted that attackers typically strike in areas where they don't live, to reduce the likelihood of being pursued by law enforcement.
"Most cyber criminals know it's really, really dumb to hack in the same jurisdiction where you live, because that's when you're most likely to actually get caught and prosecuted," he said.
Kim Crawley, a prominent cybersecurity writer, noted that even corporations that make substantial profits often struggle to budget enough for digital security.
"So imagine if you are an entity that's a government service that does not exist to generate profit, like the library," she said.
"Those entities don't exist to make money, so there might be even less incentive to spend money on cybersecurity. And then you can't even just decide to spend money on cybersecurity, because then what if that gets to be challenged in the library board or in city hall?"
Public and community bodies should look to pool resources to enhance their collective defences, she said.
The City of Toronto has said recently it is looking to bring its various boards and agencies under a single central IT system. The city said neither the zoo nor the library were part of its central IT systems prior to the recent attacks, nor did they fall under the responsibility of the Office of the Chief Information Security Officer.
Crawley said one challenge is that some decision-makers still view cyber expenses as a waste of money.
"I hope that this is a wake-up call for the Toronto Public Library and other organizations," she said. "If they can't afford to run their own security operation centre, they can share a security operation centre with other organizations."
This report by The Canadian Press was first published Feb 14, 2024.
CTVNews.ca Top Stories
![](https://www.ctvnews.ca/polopoly_fs/1.6976944.1721898750!/httpImage/image.jpg_gen/derivatives/landscape_800/image.jpg)
DEVELOPING Jasper wildfire burns buildings, while poor air quality forces some fire crews out
A fast-moving wildfire has hit Jasper, Alberta, destroying buildings and chasing some wildland firefighters away with dangerously poor air quality.
Alberta calls in army to assist with wildfire situation
Alberta has called in the Canadian Armed Forces to help assist with the worsening wildfire situation in the province.
Biden explains why he ended re-election bid in Oval Office address
U.S. President Joe Biden on Wednesday delivered a solemn call to voters to defend the country's democracy as he laid out in an Oval Office address his decision to drop his bid for reelection and throw his support behind Vice President Kamala Harris.
Barrie-Innisfil MPP 'blacked-out' and crashed car into window of child care centre
Staff at a Barrie child care centre say they are frustrated by what they call a local MPP's inadequate response after a car crashed through a window in one of the toddler rooms.
Norad intercepts Russian and Chinese bombers operating together near Alaska in apparent first
The North American Aerospace Defence Command (Norad) intercepted two Russian and two Chinese bombers flying near Alaska Wednesday in what appears to be the first time the two countries have been intercepted while operating together.
2 Canadians being 'sent home immediately,' removed from Olympic team after drone incident
An analyst and an assistant coach with Canada Soccer are being removed from the Canadian Olympic Team and 'sent home immediately,' according to the Canadian Olympic Committee.
An unwelcome attendee has joined the Paris Olympic Games: COVID-19
After a handful of Australian water polo players tested positive for COVID-19 this week, questions have emerged around how the spread of the disease will be mitigated at the Summer Olympic Games in Paris.
Vacations, meals, booze: Contractor used $100K of charity's money for personal expenses, B.C. court finds
A B.C. man who was hired to help a non-profit build a food hub but instead spent the money on personal expenses – including travel, restaurants, booze and cannabis – has been ordered to pay more than $120,000 in damages.
Male, female killed, 2 others injured in 'gun battle' outside Toronto plaza: police
Two people are dead and two others suffered serious injuries following a shooting that police have described as a 'gun battle' outside a plaza in Scarborough, Ont. early Wednesday morning.