#CyberFLASH: Private sector should lead Canada’s cyber security strategy, say experts

Local Input~ FOR NATIONAL POST USE ONLY - NO POSTMEDIA - Hacker using laptop. Lots of digits on the computer screen. Credit fotolia.In the global war against crime Canada is one of a number of countries with a national cyber strategy, aimed at strengthening important departments and working with the private sector to shore up critical infrastructure.

But two security experts told a conference Thursday that businesses, not Ottawa, should be leading the charge.

But they also laid the blame for the country’s poor cyber security at the executive floor.

“We (infosec pros) feel it’s difficult to convince upper management something should be done,” Jason Murray, senior manager for cyber security at consulting firm MNP LLP, told the SC Congress conference in Toronto on Canada’s cyber strategy. “They’re not listening to us. They get it, they just don’t need to do anything about it.

“They’re accumulating technical debt. Every year they don’t spend enough on information security they’re adding to the debt and hoping that when the debt comes due they’re not around to take the fall … The market should punish these people, just like they were accumulating financial debt… and they would go out of business.”

However, he admitted, few companies – even those suffering huge breaches like Home Depot – lose customers over the long term.

But he also complained organizations “are not doing the basic hygene stuff… I go in there (to customers) and assess against the PCI (Payment Card Industry security) framework or the critical controls framework … and they’re scoring 40 per cent at best.”

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.