Category: continuity
-
Targeted Phishing Attack Affects Canadian Investors
In August 2025, a targeted phishing campaign compromised sensitive investor information held by the Canadian Investment Regulatory Organization (CIRO), ultimately affecting approximately 750,000 Canadian investors. Following an extensive forensic investigation exceeding 9,000 hours, CIRO publicly confirmed the full extent of the breach on January 14, 2026. The incident affected a defined subset of current and…
-
Resilience Over Compliance
Cyber threats are accelerating, and Canadian businesses face a critical reality: attacks aren’t a matter of if, they’re a matter of when. In the first half of 2025 alone, Canada saw 11.9 billion cyberattack attempts. With AI-driven phishing, ransomware, and even future quantum risks on the horizon, organizations need more than compliance checklists—they need resilience.…
-
Cybersecurity Warning: 2FA Essential for Businesses
The Canadian Centre for Cyber Security is issuing an urgent warning: cyberattacks targeting critical infrastructure are increasing, and organizations must act now to protect their systems. Recent investigations by the Centre and the Royal Canadian Mounted Police (RCMP) uncovered multiple incidents where hackers exploited industrial control systems (ICS) exposed to the internet. These attacks caused…
-
Rising AI Threats in Canada
Canada’s cyber insurance market is showing signs of recovery after years of volatility, according to a new report from the Insurance Bureau of Canada (IBC). The report, The Canadian Cyber Insurance Market, highlights how improved underwriting practices, better loss predictability, and broader product availability have helped insurers regain balance. Between 2019 and 2023, the industry…
-
Cyber Risk Doesn’t End on Day One
Cyber attacks are no longer isolated incidents—they’re long-tail events that can stretch from the initial breach to months or even years of legal, financial, and reputational fallout. While headlines often focus on the moment of impact, the real challenge for businesses begins when stakeholders start asking tough questions: How did it happen? Were we prepared?…
-
Government of Canada MFA Breach
On August 17, 2025, the Government of Canada disclosed a cybersecurity incident involving 2Keys Corporation, a third-party provider of multi-factor authentication (MFA) services used by CRA, ESDC, and CBSA. A routine software update introduced a vulnerability that exposed phone numbers and email addresses of users who accessed these services between August 3 and 15. Some…
