Canada has faced an uptick in distributed denial of service (DDoS) attacks, impacting the government, finance and transportation sectors.
The Canadian Centre for Cyber Security (the Cyber Centre) issued an alert on these attacks, with some reports suggesting a connection to state-backed cyber groups. There is also more information about these types of attacks in the Cybersecurity and Infrastructure Security Agency (CISA) guideline on the topic.
What is a DDoS attack?
A DDoS attack is one in which actors use tools to disrupt and harass organizations by overwhelming systems, such as an application or website, to make that system unreachable or inaccessible. Notably, DDoS attacks are also often used to divert attention away from other types of attacks. Once the attack stops, most systems resume normal operation.
Consequences of an attack
Experiencing a DDoS attack generally means, at a minimum, downtime for an organization during which its services are not accessible. In turn, this downtime can lead to financial, reputational and legal consequences.
What can organizations do?
It is important to take steps to protect your organization both before, during and after a DDoS attack. The above guidelines from both the Cyber Centre and CISA have technical guidance for organizations before, during and after such attacks. In addition, you may wish to consult legal counsel to understand your obligations in relation to such attacks.
How we can help
The MLT Aikins Privacy, Data Protection & Cybersecurity team has significant experience advising organizations in a range of incidents. Contact us to learn more.
Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.