The Canadian legislature plans to introduce a bill on June 14th which would make the reporting of cybersecurity breaches mandatory for private-sector organizations.
The legislations aims to target the underreporting of ransomware attacks which has proven to be a problem for cybersecurity regulators. According to SecOps report released by Deep Instinct, 38% of surveyed cybersecurity professionals admitted to paying ransoms for stolen data.
Many of these ransomware attacks, and the subsequent payoffs, go unreported creating a misleading view of the cybersecurity landscape for regulators.
Additional elements of the proposed legislation would allow the government to ban the use of new and existing equipment and services from certain manufacturers.
The aim of this amendment is to address allow the government to target manufacturers like Huawei and ZTE in order to protect critical infrastructure from potential spyware in their products.
This legislative change comes days after an announcement that the Canadian government was on “high alert” for Russian cyberattacks targeting critical infrastructure and key sectors of the economy.
“I cannot emphasize enough how important it is that, in the current geopolitical environment in which we find ourselves, that we are very much on high alert for potential attacks from hostile state actors like Russia,” said Public Safety Minister Marco Mendicino.