The National Cyber Threat Assessment 2025-2026 (NCTA) report provides a comprehensive analysis of the cyber threats facing Canada over the next several years. This report highlights the evolving landscape of cyber threats and emphasizes the need for enhanced cybersecurity measures to protect Canadian interests.
Overview of Cyber Threats
The report identifies several key areas of concern for Canada, focusing on the increasing complexity and sophistication of cyber threats. The primary categories of threats highlighted include state-sponsored cyber activities, cybercrime, the impact of geopolitical tensions, the role of emerging technologies like artificial intelligence, and the government’s response to these challenges.
Key Takeaways from the Report
- State-Sponsored Cyber Threats: These threats are becoming more aggressive and sophisticated, combining disruptive attacks with online information campaigns to influence public opinion and intimidate populations.
- Cybercrime: Ransomware remains the top cybercrime threat, with cybercriminals using double extortion tactics to maximize their financial gains.
- Geopolitical Tensions: Geopolitical conflicts are driving cyber threat activities from non-state actors and hacktivist groups, posing significant risks to national security.
- Artificial Intelligence: AI is amplifying cyber threats by enabling cyber threat actors to automate attacks and evade detection. However, AI can also be leveraged for defensive purposes to enhance cybersecurity.
- Government Response: The Government of Canada is prioritizing cybersecurity, proposing a significant investment in intelligence and cyber operations programs. Public-private partnerships are essential for addressing cyber threats effectively.
Let’s look at each of these in detail:
State-Sponsored Cyber Threats
State-sponsored cyber threats are becoming more aggressive and sophisticated. These actors, often backed by nation-states, engage in cyber espionage, intellectual property theft, and cyber operations designed to disrupt critical infrastructure. The report notes that these state-sponsored activities are not only about espionage but also include disruptive attacks and online information campaigns intended to influence public opinion and intimidate populations.
Canada’s state adversaries are using cyber operations to disrupt and divide. The People’s Republic of China’s (PRC) expansive and aggressive cyber program presents the most sophisticated and active state cyber threat to Canada today. Russia’s cyber program furthers Moscow’s ambitions to confront and destabilize Canada and our allies. Iran uses its cyber program to coerce, harass, and repress its opponents, while managing escalation risks. APT44 and APT28 are some of the key threat groups that target Canada and the United States. Volt Typhoon is especially noteworthy because the PRC has not historically conducted disruptive or destructive cyber operations against critical infrastructure. In addition, earlier this year CISA released an advisory on APT40, a China state-sponsored cybercriminal group.
The NCTA emphasizes that state-sponsored cyber actors are likely to target sectors that are critical to national security, economic stability, and public safety. These include the energy sector, telecommunications, healthcare, and government institutions. The goal of these actors is to gain strategic advantages and leverage cyber capabilities to achieve geopolitical objectives.
Cybercrime
Cybercrime remains a pervasive and significant threat to Canadian organizations and individuals. Ransomware, in particular, is identified as the top cybercrime threat. The report highlights the evolution of ransomware tactics, with cybercriminals increasingly using double extortion methods.
This involves not only encrypting victims’ data but also threatening to leak sensitive information unless a ransom is paid. The Cybercrime-as-a-Service (CaaS) business model is almost certainly contributing to the continued resilience of cybercrime in Canada and around the world. Ransomware is the top cybercrime threat facing Canada’s critical infrastructure.
The financial impact of cybercrime is substantial, with businesses facing significant losses due to operational disruptions, ransom payments, and recovery costs. The report calls for increased vigilance and proactive measures to mitigate the risk of falling victim to cybercriminals. The report mentions LockBit, Alphv, Cl0p, Play, and Black Basta as significant ransomware groups impacting Canada. Cyber attacks on CDK Global, Microsoft, and Change Healthcare were mentioned in the report.
Geopolitical Tensions
Geopolitical tensions are driving cyber threat activities from non-state actors and hacktivist groups. These groups often align their activities with the interests of nation-states or seek to advance their own political agendas. The report underscores that these actors are becoming more sophisticated and capable, posing a significant risk to national security.
The NCTA highlights that geopolitical conflicts and tensions can lead to cyber incidents that have far-reaching implications. For example, cyberattacks on critical infrastructure can disrupt essential services, impact the economy, and erode public trust in government institutions.
Artificial Intelligence and Cyber Threats
Artificial intelligence (AI) is playing an increasingly prominent role in the cyber threat landscape. AI-powered tools are being used by cyber threat actors to enhance their capabilities and evade detection. The report notes that AI can automate the discovery of vulnerabilities, enable more efficient phishing attacks, and even facilitate the creation of deepfake content for disinformation campaigns.
The Canadian Centre for Cyber Security stresses the importance of leveraging AI for defensive purposes as well. By using AI to detect and respond to cyber threats in real-time, organizations can enhance their cybersecurity posture and mitigate the risks associated with advanced cyber threats.
Government Response and Recommendations
The Government of Canada has made cybersecurity a top priority, recognizing the need to protect critical infrastructure, national security, and the economy from cyber threats. The NCTA outlines several initiatives and strategies aimed at strengthening Canada’s cybersecurity defenses.
The report proposes a significant investment of $917.4 million over five years to enhance intelligence and cyber operations programs. This funding will support the development of advanced cybersecurity technologies, enhance threat intelligence capabilities, and improve coordination between government agencies and the private sector.
Additionally, the report emphasizes the importance of public-private partnerships in addressing cyber threats. Collaboration between government, industry, and academia is crucial for sharing threat intelligence, developing best practices, and fostering innovation in cybersecurity.
In addition, CCCS, a part of CSE, released the Cyber Security Readiness Goals toolkit to assess and mitigate threats. The Cross-Sector Cyber Security Readiness Goals (CRGs) provide Canadian organizations with 36 foundational, realistic and achievable goals to strengthen their cyber security. Each goal is linked to concrete recommended actions that, if taken, will elevate the cyber security posture of Canadian organizations and CI.
The National Cyber Threat Assessment 2025-2026 underscores the evolving nature of cyber threats and the importance of proactive measures to protect Canada’s interests. The report calls for a multifaceted approach to cybersecurity, involving government, industry, and academia, to address the growing complexity and sophistication of cyber threats.
By investing in advanced technologies, enhancing threat intelligence capabilities, and fostering collaboration, Canada can strengthen its cybersecurity defenses and mitigate the risks posed by cyber threat actors. The NCTA serves as a critical roadmap for navigating the cyber threat landscape and safeguarding the nation’s security, economy, and public safety.
Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The SOC Labs assumes no liability for the accuracy or consequences of using this information.