PYMNTS-MonitorEdge-May-2024

Canada Finance Department Assesses Cyberattack Risk

Internal analysis at Canada’s federal Department of Finance is warning of the risk of a cyberattack that could have significant effects on the entity, reports in The Globe and Mail said on Wednesday (July 11).

Internal documents seen by reporters revealed concerns of a cyberattack that the Finance Department did not disclose publicly. The document, prepared in February for Deputy Finance Minister Paul Rochon, includes a list of seven key risks ranked in terms of significance.

According to the analysis, the department was warned of a “medium” likelihood of a data breach or a disruption that would cause a “significant” impact that would affect its “capability to provide policy options and advice and to execute critical government operations.”

“Of the seven corporate risks … five are now considered key corporate risks because of their significant risk score (high and medium-high level) and their link to the departmental mandate,” the document read.

The document also issued a strategy to mitigate these risks, an initiative that includes increased IT security and greater collaboration with Shared Services Canada, which provides the Canadian government’s central email and data management system.

The publication said it obtained the document through the Access to Information Act.

In a statement sent to The Globe and Mail this week, a spokesperson for the finance department, Jack Aubry, said the department has already taken measures to address the risk of a cyberattack, including separating the IT network that contains budget information and raising awareness of security issues.

“Threats in cyberspace are complex and rapidly evolving; now more than ever, cybersecurity is of paramount importance,” Aubry said. “Evolving cyberthreats to IT security require constant vigilance and continue to be rigorously monitored.”

Reports noted that the document revealed four additional threats to the department that were not disclosed in a public report released earlier this year. They include the inability for the department to attract and retain staff, to fulfill objectives of collaboration due to inability to adequately and consistently store and manage data, and to meet client expectations on government-wide projects.

PYMNTS-MonitorEdge-May-2024