How cybercriminals get in

---

Interconnected ‘smart’ machinery, as well as increasingly used in sectors across Canada. In landscaping, agriculture and construction, for example, this interconnectedness increases efficiency and revenue, reduces labour costs and collects useful data about the environment within which the business operates. Unfortunately, cybersecurity vulnerabilities have also increased.

Cybercriminals may target small- to medium-sized businesses, knowing they may not have dedicated IT departments to ensure network security. Targeting hardware vulnerabilities such as personal computers, USB drives and mobile devices, hackers can access automated and interconnected equipment and servers to gain access to your client and financial data, proprietary business or personal information, intellectual property and even your money. Additionally, they know your staff lets their guard down when they think they are in seemingly safe places like the office or in the field.
 

Cybercrime methods

Sixteen per cent of Canadian businesses in 2023 and 70 per cent of individuals in 2022 were affected by a cybercrime attempt. Individuals are the weak point in a business’s cybercrime defences. Hackers use staff curiosity and better natures against them when they are dealing with emails. Scams and fraud are two of the most common cybercrimes.

Emails are a common route for cybercriminals. There are business email compromise attacks, such as an impersonation designed to steal information. A phishing email will try to obtain identity or credit card information. In spear phishing, the sender pretends to be a trusted individual using an email targeting a specific individual.

An oft-cited example of a U.S. ransomware attack is that of OutWest Express in 2015. An email contained what seemed to be an ordinary message with a resume attached. It was actually an encrypted malware virus. It enabled access to all of the company’s files where it changed all of the server logins, and shut out the owners. It was an expensive crime to correct and not all of the files were retrieved.

Be aware of the ongoing development of the Internet of Things (IoT), referring to the interconnectedness of different types of technology and automated machinery. This is increasing as is the infiltration of artificial intelligence (AI) into business operations.

As highly connected autonomous equipment and vehicles start to populate work sites, companies should stay informed about their vulnerabilities, as they can be used to access personal and business data. Dr. Asaf Tzachor, a researcher at the Centre for the Study of Existential Risk in the U.K., has been quoted as stating that cyberattacks in agriculture have involved autonomous drones, robotic harvesters and sprayers, suggesting that controls can be overridden by bad actors and datasets can be spoiled or stolen.

Data theft, vehicle takeover and sensor spoofing (fooling a piece of technology into misidentifying an object into ‘seeing’ or not seeing an object) are anticipated to be the leading types of cyberattack in the future. Many parts of vehicles and equipment could provide vulnerable entryways to cyberattacks — especially those that connect to smartphones — including Bluetooth, airbags, USB, passive keys/passive keyless entry, engine transmissions, light systems and tire pressure monitoring systems.
 

Equipment vulnerabilities

In 2021, theft of construction equipment in Canada was estimated at $1 billion. At large work sites, it can be difficult to keep track of contractors, tools and equipment. Using layered safeguards, such as multi-authentication passwords and logins, these ‘smart’ steps can thwart or expose attempts at cybertheft. Engine immobilizers, smart keys or key transponder systems, cab control access code systems, fuse cut offs, kill switches, and starter and fuel disabler switches all can be vulnerable to hacks. Luckily, some equipment movement can be tracked or prevented with GPS tracking systems, geofencing systems, motion-sensor lighting and surveillance cameras.
 

Defend your data

In 2023, only one in four businesses in Canada had written policies to deal with cybersecurity. Staff and employees should be trained in cybersecurity best practices. Policies should be in place to deal with lost hardware like USB/thumb drives, laptops and mobile devices. Someone trained in cybercrime should be given the authority to coordinate a response to the incident and a company should also have cyber-insurance to deal with legal fees, forensic services, reputation loss/restoration and credit monitoring.

Schmidt advises small- and medium-sized businesses to take preventative action. He says working with ethical hackers can help identify vulnerabilities. Schmidt suggests finding these specialists through a local Chamber of Commerce and the Better Business Bureau, and notes these companies charge by the hour and flat rates.

Be proactive and keep your software updated. Ensure your devices have antivirus software and up-to-date security applications. Data should be encrypted when sent and stored. Passwords must be changed regularly. Additionally, multi-factor identification should be used for logins. Important information for banking, supplier and client information should be backed up and tested regularly. Hard copies should be made as well.

Whether onsite or at the office, employees should be restricted as to what computers and files they can access in addition to who is allowed to install software. Ensure that you are not using default passwords or settings and that passwords are strong.

When selling, disposing of, or refurbishing technology like mobile devices, all sensitive data need to be cleaned out.
 

Consequences of ignoring cybersecurity

The consequences of not being prepared for cybercrime are harsh for businesses. There is the loss of sensitive data, like financial, product, intellectual property, staff and client information. There is also the loss of reputation, as well as lost revenue and cost to repair the damage. There is also a loss of trust from clients, suppliers and distributors as cybercrime in one company can spread through IoT and networks to other companies.

“Sixty percent of small businesses go bankrupt after a cyberattack,” says Ali Dehghantanha, PhD, professor and Canada Research Chair in Cybersecurity and Threat Intelligence, at the School of Computer Science, University of Guelph. He notes that there is a “cyber poverty line.” Below this line are businesses that are “poor” in technology and cybercrime knowledge.

Professor Dehghantanha advises small businesses owners to think of cybercrimes as a matter of profit for cybercriminals. They are paid for their efforts. Cybercrime actors want maximum profit at minimum effort. Businesses need to have enough deterrents so that there is too much effort for a profit.

Professor Dehghantanha also says it is not the responsibility of vendors, like autonomous vehicle manufacturers, to supply cybersecurity. That is a business owner’s responsibility. What guidelines that do exist for small business, he believes, are “disassociated from the reality in the field.” He advises small businesses to speak to a security professional, and says: “It is impossible to have 100 per cent security.”

There is more to being cyber secure than avoiding clicking on suspect links in emails. Being aware, trained, vigilant and informed by expert knowledge will protect your company.
   

Sources:

Baran, G., 2024, Hackers can use HDMI cables to capture your passwords, cybersecuritynews.com/hdmi-cables-steal-passwords/

Communications Security Establishment, n.d., An introduction to the cyber threat environment, www.cyber.gc.ca/en/guidance/introduction-cyber-threat-environment

Federal Communications Commission, n.d., Cybersecurity for small businesses, www.fcc.gov/communications-business-opportunities/cybersecurity-small-businesses

Field Effect, 2025, What is the future of cybersecurity?, fieldeffect.com/blog/what-is-the-future-of-cyber-security?

Government of Canada, Cyber security while travelling, n.d., travel.gc.ca/travelling/health-safety/cyber-safe

Infineon, 2025, Scalable cybersecurity solutions based on dependable electronics, www.infineon.com/cms/en/product/promopages/automotive-cybersecurity/

Interiano, I., 2023, Secure your green: A comprehensive cybersecurity guide for landscape businesses, www.worldinsurance.com/blog/cybersecurity-for-landscape-businesses

Rathmann, C., 2023, Surprising ways contractors can use technology for theft protection www.forconstructionpros.com/construction-technology/theft-prevention/article/22860618/caterpillar-cat-stop-theft-with-construction-technology

Statistics Canada, 2024, Impact of cybercrime on Canadian businesses, 2023, The Daily, www150.statcan.gc.ca/n1/daily-quotidien/241021/dq241021a-eng.htm

Telfer, 2024, Cybersecurity in construction, telferdigital.com/cybersecurity-in-construction-protecting-machinery-and-data/

U.S. Department of Health and Human Services, n.d., Loss or theft of equipment or data, health industry cybersecurity practices, 405d.hhs.gov/Documents/Five-Threat-Series-Loss-or-Theft-of-Data-R.pdf

USC Davis, 2025, Cyber Security, health.ucdavis.edu/cybersecurity/learning-center/conference-cybersafety-tips#

Barradas, S., Fleet gets hacked and files are kept for ransom, 2025, Truckers Report, www.thetruckersreport.com/news/fleet-gets-hacked-and-files-are-kept-for-ransom/

CIRA, 2024, New CIRA data finds cyber crime is driving customers away from impacted Canadian businesses, www.cira.ca/en/resources/news/cybersecurity/2024-cira-data-finds-cyber-crime-is-driving-customers-away-from-impacted-canadian-businesses/

Durlik, I., et al., 2024, Cybersecurity in autonomous vehicles — Are we ready for the challenge? Electronics, 13(13), 2654. doi.org/10.3390/electronics13132654

Evans, M., April 7, 2022, Weighing the risks of autonomous agriculture, The Western Producer, www.producer.com/news/weighing-the-risks-of-autonomous-agriculture/ 

Hawes, C., 2020, Ransomware attack hits Massachusetts trucking company, Freight Waves, www.freightwaves.com/news/ransomware-attack-hits-massachusetts-trucking-company

James, 29 September 2024, 14 recent cyber attacks on the transport & logistics sector, Wisdiam, wisdiam.com/publications/recent-cyber-attacks-transport-logistics-sector/

Garvey, S., 2024, Is right to repair a security vulnerability?, The Western Producer, www.producer.com/machinery/is-right-to-repair-a-security-vulnerability/

Government of Canada, 2024, Cyber security and your farming business, agriculture.canada.ca/en/programs/tools-manage-farm-risk-and-finance/cyber-security-and-your-farming-business

Montpetit, J., Leung, A., Aug. 10, 2024, Canada’s food supply — under threat?, CBC News,www.cbc.ca/newsinteractives/features/agri-food-canada-hacking

Northbridge Insurance, n.d., The harsh reality of construction equipment theft – and what you can do about it, www.northbridgeinsurance.ca/blog/construction-equipment-theft/

Oladimeji, S., Kerner, S.M., 2023, SolarWinds hack explained: Everything you need to know, Informa TechTarget, www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know

Ouellet, C., 2025, Vehicle cybersecurity in a connected world, GEOTAB, www.geotab.com/blog/emerging-cybersecurity-threats/

Resch, R., 2024, These smart vacuums and mowers can be hacked to spy on you, PCWorld, www.pcworld.com/article/2424761/vacuum-robots-as-a-security-risk-how-the-smart-helpers-can-be-misused-for-spying.html

Schaer, L., 2024, Protecting yourself against cyber security threats on the farm, Livestock Research Innovation Corporation, www.livestockresearch.ca/article/protecting_yourself_against_cyber_security_threats_on_the_farm

Statistics Canada, 2024, Impact of cybercrime on Canadian businesses, 2023, The Daily, www150.statcan.gc.ca/n1/daily-quotidien/241021/dq241021a-eng.htm

Yazdinejad, et al., 2021, A review on security of smart farming and precision agriculture: Security aspects, attacks, threats and countermeasures, MDPI, www.researchgate.net/publication/353947996_A_Review_on_Security_of_Smart_Farming_and_Precision_Agriculture_Security_Aspects_Attacks_Threats_and_Countermeasures/fulltext/611bc6681ca20f6f862b826a/A-Review-on-Security-of-Smart-Farming-and-Precision-Agriculture-Security-Aspects-Attacks-Threats-and-Countermeasures.pdf