‘No end’ to cybersecurity threats during pandemic

More online con artists targeting e-commerce, banking as COVID-19 crisis deepens

The Exchange tower at 475 Howe Street, where Mastercard will open a new centre aimed at fighting cybercrime | Rob Kruyt

While COVID-19 thrust much of the economy into hibernation throughout the spring, there was no such slowdown for cybersecurity specialists on the West Coast, according to Robert Capps.

“There’s been no end to the work, that’s for sure,” said the vice-president of market innovation at NuData Security Inc., now a division of Mastercard Inc. (NYSE:MA) following the 2017 acquisition of the Vancouver-founded company.

While partners in travel, live events, conferences, concerts and theatres “have been decimated by the travel restrictions and the stay-at-home orders,” Capps said NuData saw significant uptakes in activity related to e-commerce and online banking – two of its biggest client bases.

The first four months of 2020 marked a nearly 20% jump in online traffic, “which doesn’t correlate to seasonality or anything else when you look this year to last year,” he said, adding that figure includes the months of January and February when activity was at normal levels.

E-commerce activity increased 57% year-over-year during the same period while online banking experienced a more than 20% increase, according to Capps.

“That’s massive,” he said.

“And we’re still seeing this ramp up as lockdowns continue in different parts of the world.”

NuData specializes in cybersecurity fields such as passive biometrics and behavioural analytics, using data that can be collected and compared to previous interactions. For example, its technology can predict how long it typically takes a user to go from one letter or number to the next as they type in their passwords.

A cybercriminal, however, would punch in the password using a different cadence as they hunt and peck an unfamiliar password.

NuData can detect those differences and raise alarm bells if it appears a user’s credentials have been compromised.

“It’s a fluid motion, it’s something that can be compared to my previous interactions – way beyond just putting your finger on a reader or doing a facial scan,” Capps said. “You can [steal] a user name and password, but it’s not useful if you’re not the human it belongs to.”

At Fortinet Inc.’s (Nasdaq:FTNT) offices in neighbouring Burnaby, cybersecurity specialists have also witnessed shifts in how people are being targeted online during the pandemic.

Derek Manky, the company’s chief of security insights and global threat alliances, told Business in Vancouver that con artists have taken to “COVID-19 lures” in which they impersonate health authorities via email to phish for personal information.

Fortinet security researcher Aamir Lakhani said the threat of ransomware attacks remains, and companies have little recourse but to pay off hackers that have taken over their systems.

The Canadian Centre for Cybersecurity, a unit of the federal Communications Security Establishment, has cautioned that cybercriminals may be taking advantage of the crisis by using the increased pressure placed on health organizations to extract ransom.

While some tech companies are reassessing expanding in Vancouver amid the pandemic, Mastercard isn’t backing away from plans to open a $510 million cybersecurity centre in the city.

The centre, announced in January with a $49 million incentive from the federal government, would maintain about 380 jobs in the city to tackle cybersecurity (NuData already has 100 workers on its roster).

The announcement came during the same month that e-commerce giant Shopify Inc. (TSX:SHOP) revealed plans for a 1,000-person office in the downtown core.

Shopify backed away from that idea in May and instead plans to create a “recruitment hub” in Vancouver while maintaining a primarily remote workforce.

But Capps said Mastercard is focused on developing the half-billion-dollar centre as cyberthreats shift during the pandemic.