30in30 – Post 12 – Taking Control: Reporting Cyber Attacks and Empowering Change.

Welcome to the 30-in-30 blog campaign! I’m excited to launch this initiative, which involves publishing a brand new blog post every single day for the next 30 days. I will not mince words about this. It is hard to keep it up, stay engaging, relevant and interactive. More about this campaign is at the end of this article.

If you want to know the step-by-step process in Canada for reporting a cybercrime, attack, or breach to law enforcement, go to the end of this article.

What is the law on reporting a breach?

Currently, there is no specific federal law in Canada that mandates reporting of all cyber breaches to a central authority. However, there are certain industry-specific regulations and provincial legislation that may impose reporting obligations in certain circumstances.

This is a double-edged sword. In one sense, it enables organizations to take full responsibility for the security of their environment. It means less overhead, governance, and cost, and independence from oversight. Imposing such requirements may prove very taxing to small companies that are struggling in their day-to-day operations to stay afloat.

On the other hand, it means that organizations may be getting breached constantly, but since it is not reported to customers, authorities, or the media, no one is the wiser. How many times can an organization be breached and recover before it irreparably impacts the business? It happens more often than you think. Think of these scenarios:

  • Company website down for maintenance during the day?: breach
  • Cash only today, card readers are down.: breach
  • Getting spam emails at an email address you have only used online for ecommerce at a single site.: breach
  • Sorry, thanks for your patience. The computers are running slow today.: breach
  • Train schedules are not displaying properly on monitors.: breach
  • Ambulances getting re-routed to other hospitals, or extremely long wait times.: breach

Just about everybody has experienced some of these in their daily lives. Some of these are reported when the victims are obligated by law, but more often than not, they are stories not told outside of a select few people inside an organization.

Why are breaches not reported?

The CDS, or Canadian Digital Service, did some research and found out the following:

● Victims are unsure if what they experienced was actually a crime;
● Victims don’t know what their options are for reporting;
● Victims had been disappointed or intimidated by law enforcement in the past.

When people are let down, confused, or overwhelmed by a reporting service, they become less likely to trust or engage with it in the future.

1. Victims take minor preventative measures, or adjust to the new norm:

● Many potential victims were unsure as to where to begin in terms of cybercrime prevention and maintenance.

● Victims of cybercrime develop coping mechanisms to do their best to control what they can. They find ways to navigate problems as they arise.

● Victims will rely on IT experts, service providers, family, and friends that they really trust to bridge gaps in knowledge and best practices online.

2. When people become victims they may be unable to explain what just happened to them:

● Many cybercrime victims were very unsure if what they experienced was actually considered a crime.

● Victims were also less likely to consider cybercrime an actual crime because they blamed themselves for not being “careful” or “tech-savvy” enough to prevent the event.

● Some victims were ashamed of having lost money online and disappointed in themselves.

● Some people define being a victim as having lost something.

● People stop reporting when they are not aware that what they experienced warrants finding help, or when they are unable to find that help to begin with.

3. Victims reach out to law enforcement in search of immediate help:

● For many victims and potential victims, speaking with local police directly is the only way of contacting law enforcement that they have used before, or know of.

● They might call 911 or visit the police in-person because they see it as the only way of contacting the police.

● Victims measure the urgency of a cybercrime based on the potential for loss or damage.

● For those who have had negative interactions with the police before, or minimal interactions, reporting a cybercrime to the police feels like a dead-end (especially for “problem solvers”).

4. Victims find reporting to the police a challenging process to navigate:

● Victims of cybercrime currently do a lot of guesswork when it comes to managing expectations and collecting evidence of a cybercrime. They navigate a lot of grey area.

● It is challenging for victims to identify and collect evidence for the purpose of a report.

● Even if they feel they might know what evidence is useful, they have a hard time identifying and then saving information from cybercriminals.

Why should you report a breach?

It’s crucial for victims of cyber attacks to take a stand and report these incidents to the authorities. While concerns about privacy, legal culpability, and loss of client confidence may arise, understanding the importance of reporting and the potential positive outcomes can empower victims to reclaim control of their digital lives. So, let’s dive in and explore why reporting cyber attacks matters.

Combating Cybercrime:

Reporting cyber attacks plays a vital role in the ongoing battle against cybercrime. By alerting the authorities, you contribute to the collective fight against hackers, fraudsters, and malicious actors. The information you provide helps law enforcement agencies investigate, track down perpetrators, and dismantle criminal networks. Your actions not only protect yourself but also help prevent future attacks on others.

Safeguarding Others:

By reporting a cyber attack, you become an agent of change, protecting potential victims from falling into the same trap. Cybercriminals often target multiple individuals or organizations, exploiting vulnerabilities and reusing tactics. Your report can enable authorities to issue public warnings, share preventive measures, and enhance cybersecurity awareness, ultimately reducing the number of victims.

Regaining Control:

A cyber attack can leave you feeling violated and powerless. Reporting the incident to the authorities is a proactive step toward regaining control of your digital life. It sets the wheels in motion for investigation, potential recovery of stolen data or funds, and even the possibility of bringing the perpetrators to justice. By taking action, you shift from being a victim to becoming an advocate for change.

Protection and Support:

Authorities understand the sensitivity and potential legal concerns surrounding cyber attacks. When you report an incident, they work to protect your privacy and provide guidance on legal matters. By cooperating with law enforcement, you can ensure that appropriate measures are taken to safeguard your personal information, mitigate further risks, and seek justice if necessary.

Rebuilding Trust:

While concerns about client confidence may arise, transparently reporting cyber attacks can actually strengthen trust in the long run. Promptly informing affected clients or customers demonstrates your commitment to their security and well-being. Openly addressing the incident, sharing the steps taken to rectify the situation, and providing guidance on protective measures can help rebuild confidence and assure clients that you are taking their concerns seriously.

Reporting a cyber attack is not an easy decision, but it is a brave and necessary one. By reporting incidents to the authorities, you actively contribute to the fight against cybercrime, safeguard others from falling victim, and receive protection and support from legal entities. Furthermore, transparent reporting can help rebuild client confidence and strengthen your relationships with them. Remember, you are not alone—by reporting cyber attacks, you become part of a collective effort to create a safer digital world for everyone.

How to contact law enforcement in Canada to report a Cyber incident.

  1. Determine the type of cyber incident: Identify the nature of the incident, such as hacking, data breach, online fraud, malware attack, or any other cybercrime.
  2. Document evidence: Gather as much information and evidence as possible regarding the incident. This includes any relevant files, emails, screenshots, or logs that can help in the investigation.
  3. Report to the Canadian Centre for Cyber Security (CCCS) (Recommended one-stop shop): The CCCS is the national authority responsible for protecting Canada’s cyber systems. They have created a portal to front-end any type of cyber incident, then redirect you to the proper authorities based on the type of incident. You can also submit malware for analysis and they will assign you a case number for follow-up. https://portal-portail.cyber.gc.ca/en/
  4. Contact your local authorities: Start by reporting the incident to your local police department or the Royal Canadian Mounted Police (RCMP). Provide them with a detailed account of what happened and any evidence you have collected. They will guide you through the appropriate steps and may escalate the matter to specialized cybercrime units.
  5. Report to the Canadian Anti-Fraud Centre (CAFC): The CAFC is the central agency in Canada that deals with fraud-related matters. You can report cyber incidents involving fraud, scams, or identity theft to the CAFC. They will collect the information and work with law enforcement agencies to investigate the matter. You can reach the CAFC by phone at 1-888-495-8501 (they answer calls Monday to Friday, from 9 am to 4:45 pm Eastern time, and are closed on holidays) or online at www.antifraudcentre-centreantifraude.ca.
  6. Report to the National Cybercrime and Fraud Reporting System (NCFRS): The CAFC, in conjunction with the RCMP National Cybercrime Centre (NC3), has a new portal for reporting cybercrime. It does a better job of consolidating evidence and data in an easy workflow. It is still in beta, but is improving all the time. About 25 users a day will get automatically redirected to it from the CAFC. https://www.rcmp-grc.gc.ca/en/new-cybercrime-and-fraud-reporting-system

Who else should you contact?

  1. Notify your Internet Service Provider (ISP): Contact your ISP and inform them about the incident. They may provide guidance or take measures to secure your account or network. This is especially the case in a Distributed Denial-of-Service (DDoS) attack.
  2. Inform relevant organizations: If the incident involves compromised personal information, notify the affected parties, such as customers or clients, and inform them about the breach. If the incident occurred in a workplace or educational institution, report it to your organization’s IT department or system administrator.
  3. Legal Counsel: It is important to have legal counsel that specializes in cybersecurity and data privacy. If you do not have them on retainer, then at least have it documented who you should call.
  4. Insurance Provider: If you have cyber insurance, then this should be your first call. They will coordinate the efforts and involve third parties as required.
  5. Incident Response Team: In the case of a breach, you should have an IR team on retainer and a documented IR plan. This will get your issue resolved in the quickest manner.

What can be done proactively, so that I don’t get breached?

I suggest investing in your organization’s security. An ounce of prevention (planning) is worth a pound of cure (or saves you from spending millions in bitcoin to get control of your systems again).

  1. Know your asset and service inventory
  2. Know your attack surfaces
  3. Know your vulnerabilities
  4. Know your risks
  5. Create a strategic cybersecurity plan
  6. Mitigate or remove the highest risks
  7. Get organizational buy-in to spend according to the timeline of the strategic plan.
  8. Transfer residual risk via cyber insurance
  9. Accept the remaining risks

Or, you can outsource to a third party to do all the work for you. This makes the most sense for organizations that want to optimize spend, do not have dedicated security staff, or need immediate results and don’t have time to hire, train, and build an internal SOC. I suggest a Managed Detection and Response (MDR) provider as a good place to start.

Thanks for reading this far.

My aim with this campaign is to provide readers with valuable content, insights, and inspiration that can help in their personal and professional lives. Whether you’re looking to improve your productivity, enhance your creative strategies, or simply stay up-to-date with the latest news and ideas in cybersecurity, I’ve got something for you.

But this campaign isn’t just about sharing our knowledge and expertise with you. It’s also about building a community of like-minded IT and security focused individuals who are passionate about learning, growing, and collaborating. By subscribing to the blog and reading every day, you’ll have the opportunity to engage with other readers, share your own insights and experiences, and connect with people in the industry.

So why should you read every day and subscribe? Well, for starters, you’ll be getting access to some great content that you won’t find anywhere else. From practical tips and strategies to thought-provoking insights and analysis, the blog has something for everyone that wants to get current and topical cybersecurity information. Plus, by subscribing, you’ll never miss a post, so you can stay on top of the latest trends and ideas in the field.

But perhaps the biggest reason to join the 30-in-30 campaign is that it’s a chance to be part of something bigger than yourself. By engaging with the community, sharing your thoughts and ideas, and learning from others, you’ll be able to grow both personally and professionally. So what are you waiting for? Subscribe, and for the next 30 days and beyond, let’s learn, grow, and achieve our goals together!
