Business
Insurance Without a Safety Net? Canadian Firms Face Premium Hikes Amid Cyber Liability Crisis

Toronto, ON — July 4, 2025 — As ransomware incidents and data breaches continue to spike across Canada, many mid-sized firms are now finding themselves priced out of the very protection they need most: cyber insurance.
According to a new report from the Maple Risk Institute, premiums for cyber liability coverage in Canada have risen by an average of 41% year-over-year, with some sectors — including legal services, logistics, and private healthcare — seeing even steeper increases or flat-out denials.
“Insurers are spooked,” said Arjun Patel, a senior risk analyst at Maple Risk. “Claims are skyrocketing, and the underwriting models weren’t built for this volume or complexity of cyber incidents.”
One major driver, Patel says, is a wave of quiet ransomware settlements, particularly after last year’s high-profile breach at Regal Processing Group, a national payroll processor that reportedly paid a seven-figure ransom to avoid a class-action lawsuit from affected clients.
“The insurers paid out quietly, but now they’re passing those losses straight down the chain,” he added.
A Shrinking Pool
Of the 12 major insurers that offered cyber liability coverage in Canada in 2022, only seven are actively writing new policies today, and many have added stringent preconditions, including mandatory penetration testing and proof of MFA enforcement across all endpoints.
“For a lot of companies, especially outside urban tech hubs, these conditions are unrealistic,” said Tara Muir, COO of logistics firm NorthTrak Freight. “We’re being told to upgrade our security stack or be denied coverage — but we can’t afford the upgrades without the coverage.”
A Risk Spiral in Progress
Experts warn that without accessible insurance, smaller firms may choose to underreport or hide breaches, leading to downstream damage in interconnected supply chains and customer networks.
“The cyber risk spiral is real,” said Patel. “Less coverage means more exposure, which means more cautious insurers, which means even less access.”
Government regulators have yet to propose a cyber insurance backstop or subsidy, though internal Treasury Board memos — leaked earlier this month — reportedly cite it as a “long-term consideration” under national risk modeling.
Following the risk behind the ROI. — Leila Park
Business
Are Canadian Companies Learning from Global Cyber Attacks? Insider Insights into the Secret Downfall of Canadian Businesses

Toronto, ON — July 25, 2025 — As Canadian firms scramble to review their cybersecurity posture in the wake of recent government warnings about state-aligned threat actors, some experts warn that many businesses are still failing to translate lessons into action, even when the wake-up calls are happening at home.
In an exclusive interview with ODTN News, Dr. Emilie Zhang, a professor of digital risk and enterprise resilience at the fictional Northland Institute of Technology, says too many Canadian firms are treating cyber threats like distant hypotheticals, not immediate business risks.
“The breaches have already happened here — in our supply chains, our telcos, our utilities. From RedLake to Trinexus to the CanPharma attack, these were not drills,” said Zhang. “But we’re still acting like someone else will handle it.”
Her comments follow last week’s unprecedented joint alert from the Federal Office of Data Integrity (FODI) and the Cybersecurity Oversight Commission of Canada (COCC), which warned of “imminent risk of sustained cyber attacks” against critical government infrastructure.
Zhang, however, believes that the business community is the real soft target.
“Governments may move slowly, but at least they’re moving. A lot of companies still treat cybersecurity like IT plumbing; invisible until it breaks.”
A Pattern of Ignored Warnings
Over the past three years, multiple major Canadian firms have fallen victim to preventable breaches:
- RedLake Freight Systems (2022): A ransomware event shut down logistics operations across three provinces for nearly a week, exposing payroll records and driver credentials.
- Trinexus Solutions (2023): A supplier to provincial health authorities suffered a supply chain compromise that led to the leak of anonymized but re-identifiable patient datasets.
- CanPharma Group (2024): A cloud misconfiguration exposed nearly 1.2 million prescription histories, prompting a joint privacy investigation in Ontario and B.C.
Despite these incidents, Zhang says the same mistakes keep repeating.
“Weak MFA, poor vendor controls, no tabletop exercises. These aren’t zero-day exploits — they’re zero-effort breaches.”
Budget Paralysis and the Illusion of Safety
A recent report by the fictional Canadian Association of Corporate Risk Officers (CACRO) found that 59% of mid-sized firms had not reviewed their incident response plans in over a year, and only 21% had conducted a third-party penetration test since 2022.
“Executives will spend $3 million on rebranding, but flinch at $30,000 for a red team audit,” said Marc Rousseau, a Quebec-based cybersecurity consultant. “There’s still this mindset that good luck is a strategy.”
Zhang argues that Canada is entering a critical learning window.
“We have the advantage of hindsight — not just from abroad, but from our own backyard. But the clock’s ticking. If we don’t treat cyber resilience like a core business function, we’re going to lose more than data.”
Following the risk behind the ROI. — Leila Park
ODTN News’ Ayaan Chowdhury contributed to this report.
Business
ODTN Mart CISO: “Our Trust in Third-Party Defenses Is Unshaken”

Vancouver, BC —
Cyber lead signals confidence in outsourced security as internal fatigue quietly builds.
July 21, 2025 — In an exclusive interview with ODTN News, Dr. Kavita Sandhu, Chief Information Security Officer at ODTN Mart, defended the company’s growing reliance on managed security providers (MSPs), brushing aside recent reports of staff turnover and escalating workload among internal cyber teams.
“We’re aligned with top-tier security vendors who understand our environment deeply,” said Dr. Sandhu. “That trust allows us to stay focused on what matters — keeping systems resilient without bottlenecking innovation.”
Calm Above, Friction Below
The statement follows weeks of reports across the retail sector pointing to increased burnout among in-house IT and security professionals. But Dr. Sandhu framed ODTN Mart’s security posture as proactive and balanced, citing regular audits and “well-tested partnerships” as proof of stability.
“This is a time for smart delegation,” she added. “You don’t build resiliency by overextending — you build it by knowing when to let your partners lead.”
Still, multiple former ODTN Mart cyber staff, speaking off record, described the environment inside the SOC as “high-volume, low-voice” — a place where alerts are constant, but executive engagement is increasingly distant.
“The dashboards light up. The tickets queue. But no one asks how we’re doing — just whether the SLA is met,” one former analyst said.
A Familiar Pattern?
Cyber governance researchers say ODTN Mart’s model reflects a growing trend among large Canadian enterprises: optimizing visibility and reporting over direct investment in internal resilience.
“MSPs offer scale and flexibility,” said Dr. Aashir Rao, fellow at the Western Institute for Civic Integrity (WICI). “But overdependence on external coverage creates blind spots — especially when internal teams are understaffed and overstretched.”
Dr. Sandhu disagrees.
“We run drills. We run diagnostics. And we still run lean — by design. There’s no evidence that bloat equals better protection.”
Confidence, or Containment?
When asked whether her team had flagged recent retail sector “data harmonization conflicts” as potential precursors to larger systemic issues, Dr. Sandhu declined to comment, citing ongoing reviews.
She did, however, reinforce her central message:
“The frontline is shifting. The question isn’t whether you outsource — it’s whether you do it with eyes wide open. At ODTN Mart, we do.”
Following the risk behind the ROI. — Leila Park
ODTN News’ Mira Evans & Ayaan Chowdhury contributed to this report.
Business
Canadian Software Vendor Breach Exposes Cloud Environments Across Energy Sector

Toronto, ON — A sweeping cyberattack on a trusted Canadian software vendor has triggered widespread disruption across enterprise cloud systems, as security investigators reveal that attackers used a software update to quietly breach dozens of major clients, including key players in the energy sector.
Gridlock Solutions, based in Toronto, confirmed that its popular infrastructure analytics platform PulseCore 6.3 was compromised through a supply chain attack that injected a remote access trojan into a February software update.
The malware-laced update was downloaded by over 2,300 organizations. Once installed, it gave attackers access to cloud credentials, virtual machines, and security tokens across multiple platforms including Azure and Oracle Cloud.
“This is a textbook supply chain breach — clean until the customer deploys it,” said Greg Tsui, principal analyst at Seaboard Intelligence.
Several publicly traded companies have suspended Gridlock contracts, and the vendor’s stock dropped 17% within 24 hours of the disclosure. Multiple class-action lawsuits have already been filed, alleging negligence and lack of transparency in third-party security practices.
A spokesperson for Gridlock said the company is cooperating with federal cyber investigators and has issued a full patch along with forensic assistance for partners.
The incident has reignited debate around software supply chain security, with policy experts and CISOs urging stricter controls on how backend infrastructure software is audited and verified.
“This wasn’t ransomware. It was surgical, silent, and designed for espionage,” said Theresa Chan, CISO at Novaxa Energy. “We’re seeing trust itself being weaponized.”
Timeline of Events:
- Feb 10, 2025 – Malicious code inserted into PulseCore update
- Mar 3, 2025 – First anomalies detected in partner networks
- Mar 27, 2025 – Gridlock acknowledges possible compromise
- Apr 12, 2025 – Breach confirmed, patch issued
Impact Summary:
- Affected Vendor – Gridlock Solutions
- Compromised Product – PulseCore 6.3
- Method of Attack – Supply chain (update-level injection)
- Impacted Clients – ~2,300 enterprise customers
- Estimated Downtime – 4–7 days average
- Stock Price Movement – -17% in 24 hours
As scrutiny mounts, the breach has become a wake-up call for enterprise leaders relying on cloud-optimized vendor tools without complete visibility into how software updates are built, signed, and deployed. Analysts are now warning that convenience, if left unchecked, could be the single largest risk in digital supply chains.
Following the risk behind the ROI. — Leila Park
ODTN News’ Ayaan Chowdhury contributed to this report.