Cyber-defence Is a Team Sport: Key Takeaways from Our Cybersecurity Executive Summit

On Wednesday, October 4, we held our Cybersecurity Executive Summit, hosted by Ulrike Bahr-Gedalia, Senior Director, Digital Economy, Technology & Innovation, and Cyber. Right. Now. Council lead at the Canadian Chamber of Commerce.

Attendees joined virtually to hear from industry leaders on the importance of securing our digitally enabled world. The Summit focused on the economic implications of cybercrime, the role of artificial intelligence (AI) in cybercrime and cybersecurity, and the need for businesses of all sizes to be proactive in securing their organizations.

Cybercrime is a threat to our economy and national security, so when it comes to preventing attacks, everyone has a role to play. Read on for key takeaways from the Summit!

Government Address and Keynote Speaker: Caroline Xavier, Chief, Communications Security Establishment

Introduction by Atsushi Yamada, CEO, ISARA Corporation. Fireside chat moderated by David Shipley, CEO, Beauceron Security, and Co-Chair of the Canadian Chamber’s Cyber. Right. Now. Council.

Key Takeaways:

• Cybercrime is everywhere, and it affects businesses of all sizes in all sectors.
• Cybercrime is evolving all the time and has grown more sophisticated with the rise of technologies like generative AI. But these same technologies can help defenders too.
• Small businesses often think they have nothing of value to offer cyber criminals — unfortunately, this is not the case. Big organizations (like critical infrastructure) may be more lucrative targets, but they attract unwanted attention from law enforcement and media and take more time and effort to break. So, if cyber criminals can fly under the radar or make a “quick buck” by targeting smaller businesses, they will. Over the next two years, it’s expected that cyber criminals will target more small businesses.
• Business email compromise (BEC) is a costly and common cyberattack. This type of attack uses your email account to send fraudulent emails to others. It allows criminals to pass themselves off as you, your billing department, or your help desk, to gain payment or personal data from your friends, family or customers.
• Ransomware attacks are the most well-known form of cybercrime and the most disruptive. These attacks can bring your organization’s operations to a halt. The average pay out is $140,000.
• Humans are the weakest link in cyberattacks, so it’s important to step up your cyber-fitness by remembering to follow the basics, like learning how to identify phishing emails.
• Most cyberattacks go unreported, but you should never underestimate the value of reporting. You never know when a local cyberattack could be the missing piece in an international puzzle.
• Working with banks and telcos, the Canadian Centre for Cyber Security (the Cyber Centre) has cut many phishing scams off at the source. The Cyber Centre has also taken down 600,000 malicious web domains, and pre-notified over 400 organizations before they could be attacked. Additionally, the Cyber Centre carries out active and defensive foreign cyber operations, with dozens of successful operations in the last few years. 

For more information on the Cyber Centre’s work and for cybersecurity resources that will help you protect your business, visit cyber.gc.ca.

Panel discussion:

Moderator:  John de Boer, Senior Director, Government Affairs and Public Policy, BlackBerry, and Co-Chair of the Canadian Chamber’s Cyber. Right. Now. Council.

Panelists:

• Kim Schreader, Director, Cyber Security Professional Services, TELUS
• Calvin Engen, CTO, F12
• Fabrice Renaud, CISO, GeoComply
• Autumn Moulder, Director, Infrastructure & Security, Cohere

Key Takeaways:

• Organizations need to be proactive and anticipate cyberattacks before they occur. There is enough information out there today for you to secure your company.
• Knowledge is power. Understanding cybersecurity threats and their ramifications is the first step in combatting them.
• The rate at which the threat landscape is evolving is alarming. Remote work has changed how organizations do business, adding new complexities to securing your organization’s assets, and creating a larger supply chain surface open to risk.
• Both sides — attackers and defenders — are innovating. In this race, it’s important for defenders to become more predictive and proactive.
• Security comes second for many businesses, but instead of ignoring this issue or jumping in without enough research, pause and take an audit of your organization and your security tools. Determine your organization’s critical aspects and create layers of defence around them. Look for ways to get the most out of your security tools.
• People are often the weakest links in cybersecurity as they are usually underinvested in —employees don’t receive the necessary training, or the organization doesn’t develop a culture of security.
• Technology is often the first place we go because it seems like the right solution, but if people don’t understand it or know how to use it, they’ll search for ways to bypass it, thus introducing more risk into the system.
• Organizations that are concerned about security affecting user experience should “bake in” security from the beginning, instead of “bolting it on” after. You can even enhance end user experience through security and use the promise of it as a marketing tool with your customers.

Read more about the advocacy work our Cyber. Right. Now. Council is doing to solidify Canada’s position as a global cybersecurity leader.

Be sure to check out our upcoming Executive Summit Series events.

Thank You to Our Event Sponsors

Thank You to Our Excellence Level Partners