I believe you've heard from several witnesses over the past few months about the evolving cyber-threat landscape, some of the attacks that are being experienced across the board and how that's changing, and the challenge that represents. Instead, today I'm going to draw your attention to the growing attack surface and how economic disruption that impacts national security can come from unexpected places.
Canada depends on small business for economic well-being. There are 99.7% of businesses in Canada that have fewer than 500 employees, but they employ over 70% of the total private labour force. Small to medium-sized enterprises contribute 50% of Canada's GDP, 75% of the service-producing sector and 44% of the goods-producing sector. They also represent 39% of the financial, insurance and real estate sector.
Fintech has a projected continuous annual growth rate of 55% through 2020. Canada is a hot spot for fintech growth, especially in mobile payments, and most of the emerging companies are SMEs. SMEs collectively constitute a very large attack surface. This attack surface has attracted the attention of hackers.
With regard to some examples of the link between supply chains and major disruptions, in 2018, five natural gas pipeline operators in the U.S. had their operations disrupted when a third party supplier of electronic data and communications services was hacked in the spring of that year. The hacking of a third party vendor to more than 100 manufacturing companies was discovered in July 2018. Approximately 157 gigabytes of data that Level One Robotics was holding was exposed via rsynch, a common file transfer protocol used to mirror or back up large datasets.
The 2017 NotPetya malware outbreak forced shipping giant Maersk to replace 4,000 new servers, 45,000 new PCs and 25 applications over a period of 10 days, causing major disruption.
Why is this happening? Criminals are a bit like flood water; they follow the path of least resistance. Small to medium-sized enterprises have several challenges when it comes to security: limited financial resources, limited human resources and a culture of disbelief, the so-called “we're too small to be hacked” syndrome.
The digital economy has been a boon to small business growth, enabling rapid entry to global supply chains. However, this innovation and growth comes with significant risk if security concerns are not addressed, particularly given the increasing sophistication of cybercriminals. They've moved from the disruption of viruses, trojans and worms 10 years ago, which were common to hear about, to now generating usable digital trust certificates that bypass the human element.
The goal must be to reduce the attack surface, making Canadian business a less attractive target to criminals. The solution is a culture shift, through education, awareness and setting achievable industry-led standards, without stifling innovation. It's a big challenge. It also means investing in international criminal enforcement relationships and capabilities.
I'll stop there, and I'm happy to answer any questions.