This week, the Internet security firm Websense released a report on cyber-crime in Canada. The bottom line is that malicious activity online is on the rise in Canada, but let’s make one thing clear: This report is referring to websites hosted in Canada, not to .CA per se. Canada may rank second for malicious behaviour for hosted sites, but it has nothing to do with .CA.
This is clearly a hosting issue. Canada, though in reality a relatively small player, is experiencing an increase in online criminal activity. And, though it is not a .CA problem, it is something CIRA takes very seriously. At CIRA, the safety and security of .CA is of utmost importance.
That said, I’m not surprised at the findings in the Websense report. As part of the Canadian Internet Forum, we surveyed Canadians on what they felt were the key Internet-related issues for Canada. Security was the top challenge identified by Canadians. As the Internet becomes more integral to the Canadian economic and social landscape, there will be more who would like to take advantage of that fact in a criminal manner.
Some of the statistics around cyber-crime in Canada are startling. According to a 2010 report from Norton, cyber-crime cost Canadians $5.5-billion in 2010. The Websense report found that Canada has experienced a 39 per cent increase in botnets, and a 239 per cent increase in malicious websites over the past year. And, Canada is now the number two country for hosting phishing sites, though again I must point out that this does not mean .CA. According to a report from the AntiPhishing Working Group (.PDF):
“Phishing is generally distributed by top-level domain market share, but 93% of the malicious domain registrations were in just four TLDs: .TK, .COM, .INFO, and .IN.”
Note that this list does not include .CA. In fact, in the same report, the AntiPhishing Working Group reported that there were no malicious .CA domains registered in the second half of 2011.
We all have a role to play in keeping the Internet safe and secure for everyone. At CIRA, security is job number one. That’s why .CA is consistently ranked as one of the safest top-level domains, and we are working at making .CA even more secure. Later this summer, we will be implementing Domain Name System Security Extensions (DNSSEC), an important set of extensions that provide an extra layer of security to the domain name system (DNS). Once implemented, DNSSEC will provide Canadian Internet users with a more secure Internet experience.
Furthermore, CIRA’s Canadian Presence Requirement (CPR), a rule that allows only people and organizations who have a presence in Canada to register a .CA domain, keeps .CA safer than many other top-level domains. Because of CPR, Registrants are required to provide proof of that presence, something a criminal is highly unlikely to do.
Online security is the responsibility of everybody who uses the Internet. The Websense report states that 82 per cent of malicious websites are hosted on compromised computers and servers. CIRA does its part through activities like watching for suspicious information when .CA are registered and enhancing security on the technical side. That said, it is critical that Internet users do their part. This includes making sure you have up-to-date anti-virus software installed on your computer, becoming an informed ‘online shopper’, making sure you have secure – read complicated – passwords, and only clicking on links that come from trusted sources. Here’s another useful tip: one Member of the CIRA team even updates her parent’s antivirus software when she visits them.
CIRA is working with the Media Awareness Network to develop a series of tip sheets to help Canadians stay safe online. To date, we’ve released two:
- The Cyber Security Consumer Tip Sheet: Safe Surfing (.PDF).
- Cyber Security Consumer Tip Sheet: Protecting yourself from Malware (.PDF).
These tip sheets provide plain language information to help Canadians stay safe online. If you know someone who could use this information, please share them. Above all, I urge you to work with us in our efforts to keep the Internet safe and secure. We also operate a DNSChanger Malware Checker to check your computer for a particular malicious code. You can check your computer here.
Stay safe online!