Upholding our cyber integrity

In today’s digital world, Canadians, businesses and governments alike must contend with cyber security threats on a day-to-day basis. Social engineering scams like phishing and other types of cyber fraud can threaten the integrity of personal and business accounts, networks and mobile devices. Unlike individual Canadians or businesses, however, the Government of Canada (GC) experiences trillions of cyber security events each year, but not all of these are attacks aimed at penetrating the GC’s network perimeter.

The internal systems, applications and services that public servants use every day to do their work—and deliver programs and services to Canadians—are frequently targets of cyber threat actors attempting to gain unauthorized access to government networks and data.

With this in mind, Shared Services Canada (SSC) has prioritized investments in cyber and IT security, including our email security and monitoring services. By proactively monitoring, detecting and responding to threats to our internal systems, applications and services, SSC can help minimize the government’s “attack surface,” the points of entry to the GC’s IT infrastructure.

Gone phishing

When it comes to email, threat actors will often attempt to gain unauthorized access to government systems by sending public servants messages that appear to be from legitimate sources. These email messages might ask employees to share sensitive information or to click on a link designed to install malware on their desktops or mobile devices.

In addition to regular exercises that help raise awareness about phishing campaigns targeting employees, SSC works to counter email-based threats by continuously monitoring the GC’s email service, quickly investigating incidents and proactively purging malware and phishing emails before users have a chance to interact with them.

In fact, in 2024 alone, SSC processed more than 7,000 cases of phishing, malware and other suspicious activities, resulting in the purge of more than 121,000 emails.

The inside track

Beyond email security, SSC also provides security assessments, automated threat detection services and continuous security monitoring for the applications, network devices and systems we manage. When a threat is detected, SSC notifies affected departments and agencies while working collaboratively with our security partners to eliminate the threat.

This work can also include hunting down insider threats and malicious user behaviour. Insider threats occur when otherwise authorized users either willingly or unintentionally compromise the security of an organization’s networks and systems.

SSC helps protect the GC against these types of threats by developing and applying special tools to help identify, investigate and resolve incidents using industry best practices.

Taken together, SSC’s email security and monitoring services serve to strengthen the GC’s cyber and IT security resilience by providing a holistic response to the diverse array of cyber threats facing the GC in the digital age.

Our ongoing work to protect the systems, applications and services public servants use to securely connect with Canadians helps enable federal departments and agencies to deliver secure and reliable digital services now and in the years to come.