By Renato Cudicio, MBA – President of TechNuCom
Since its launch in the United States in 2004, October has been recognised as Cybersecurity Awareness Month in many countries, including Canada since 2018. This year, the Quebec government is promoting the theme ‘I have a role to play in cybersecurity’.
Against this backdrop, TechNuCom held its “Security Week” in October, providing an opportunity to review our security processes and evaluate the risks we (and our customers and partners) face in Quebec.
A global challenge
The European Union Agency for Cybersecurity (ENISA) just published its Threat Landscape 2025 report. The report is based on an analysis of 4,875 incidents that occurred between July 2024 and June 2025. The report paints a grim picture of the main threats facing European businesses and organizations. This in-depth study also sheds light on Quebec’s situation, as it faces the same risks.
Currently, there is much talk in Europe about hybrid warfare, consisting of cyberattacks, disinformation operations, sabotage, drone incursions, and incitement to indirect violence. This type of warfare directly targets Ukraine’s allies. Due to its support for Ukraine against Russia, Canada and Quebec’s infrastructure and organizations are also in the crosshairs of enemies of democracy and NATO.
Add to this an explosive and uncertain geopolitical context in both the Middle East and, more recently, the Americas, as well as the massive misappropriation of AI capabilities for venal and illicit purposes, and we have all the ingredients for an increase in cyberattacks that will affect Quebec as well. Acts of computer piracy, such as denial of service (DDoS), phishing, exploitation of software vulnerabilities, ransomware, and digital identity theft, are now the same everywhere.
Quebec is also a target
Several independent reports corroborate ENISA’s warning that public administrations, transportation, digital services, finance, industry, and energy infrastructure are the most targeted sectors. In short, these are the pillars of our economies in Europe and Canada.
The Canadian Centre for Cyber Security (CCCS) confirms these trends and anticipates an increase in attacks against essential services in its National Cyber Threat Assessment for 2025–2026. The recent cyberattacks that have affected municipalities in Quebec are only the tip of the iceberg. Remember the borough of Montreal North, held hostage by Rhysida ransomware, and the municipality of Sainte-Brigitte-de-Laval in the Quebec City region, which was the victim of an extortion attempt. The real fear, however, concerns strategic infrastructure, such as Hydro-Québec’s, which has been the target of attacks that have literally exploded in number over the past three years. While a major attack on energy or telecommunications infrastructure would be devastating, the proliferation of ransomware attacks, information theft, and sabotage orchestrated by criminal organizations—often linked to rogue states—is more harmful. These attacks affect thousands of Canadian businesses of all sizes.
Prevention is better than a cure
Quebecers have developed a real sense of resilience from facing extreme weather conditions and seemingly endless winters, which is useful when preparing to deal with cyber threats.
Here are just a few of the measures that some of our customers have been asking TechNuCom to implement over the years. Some are simple and inexpensive, while others require significant effort and substantial budgets.
First, let’s start with the best practices:
- Make the use of a password manager mandatory -> $
- Segment your network -> $$$
- Require MFA/2FA wherever possible -> $
- Always use VPNs and encryption keys -> $$
- Have your systems penetration tested once a year -> $$$
- Obtain SOC 2 Type 2 certification to sustain your efforts -> $$$$
- Verify that all assets are always well protected (EDR, etc.) -> $$
- Route all your traffic through a reverse proxy such as Cloudflare -> $
- Check once a month that there are no users, applications, or firewall rules that should be closed or updated -> $
- Maintain a culture of cybersecurity within the team at all times -> $
To ensure business continuity in the event of a major incident, do the following:
- Set up a mail server on a different infrastructure and domain name -> $
- Make sure you have at two—ideally three—internet service providers, including one with 5G. -> $
- Apply the 3-2-1 rule for your backups and test restores -> $$
- If your servers are in Quebec, keep a copy of all your data with a hosting provider in another Canadian province -> $$
- Have a contingency plan that is always ready to relocate your operations to another location or switch to 100% remote working. -> $
So, are you prepared for cyberattacks? Remember that, as in all disasters, the shock will always be more violent than imagined. But at least you won’t be surprised, and you’ll have a fallback position from which to face adversity. As the saying goes: Prepare for the worst. Hope for the best.”
If you want to learn more:
- Check out the Quebec government’s Cybersecurity and Digital Ministry blog
- Visit the Canadian Centre for Cybersecurity website
- Take a look at the Government of Canada’s Think Cybersecurity campaign
