#CyberFLASH: Financial players weigh risks of digital relationships in Canada’s consent-based compliance regime

Local Input~ FOR NATIONAL POST USE ONLY - NO POSTMEDIA - Hacker using laptop. Lots of digits on the computer screen. Credit fotolia.How is it that you can ever truly know someone?

That’s the question that various members of the financial sector asked today at a roundtable event hosted by ITWC and sponsored by Equifax Inc.

The relationship between business and customer used to be easy – when someone wanted to open up an account, they walked into a branch. Pen was put to paper and the organizational relationship with the customer came with the warmth offered by a firm shake of the hand and good eye contact. When that’s replaced by the cold transactional endpoint offered by an ATM, or a web portal, can that same relationship still be maintained?

Everyone is trying to balance the mix of traditional channels of communication with the customer with the newer digital options available to them, says Chris Briggs, the chief marketing officer at Equifax. “Whether it’s someone that can answer the phones or someone that’s at the branch, combined with the ability to personalize through digital channels.”

Financial institutions are collecting “cold, impersonal” data about their customers and even prospective customers, said Jim Love, chief content officer at ITWC and host of the roundtable event. But people want to be treated with a personal touch, and in a way that they don’t feel their consent wasn’t considered.

At one credit union with several branches throughout Ontario, business leaders are working on the goal of issuing more personal loans to their members. The opportunity to cross-sell their members on more of their services is a driving reason behind looking at the digital channel as a way to increase their wallet share.

Even with an older demographic, at least 20 per cent of the customer base is accessing the credit union’s digital channels, a marketing manager shared.

“How do we get them onto our platform and off of other people’s platforms?” he asked. “That’s our problem.”

Concerns with consent

But the credit union was concerned about the type of consent it had from its clients and what that allowed it to do to market other products to them. It seemed the more that was done to protect themselves as an institution from a regulatory standpoint, the harder it was to understand from a customer point of view.

Read more here

#CyberFLASH: How new online copyright infringement laws are affecting Canadians one year later

201310281614240l4j1t1yodou1gmqihww4xc3fAt TekSavvy Solutions Inc.’s office in the small southwestern Ontario town of Chatham, there’s a woman who comes to work each morning to help movie studios accuse the company’s customers of breaking the law. Every day, the employee has to process about 5,000 copyright infringement notices forwarded to TekSavvy by studios and other copyright holders that monitor the Internet for piracy.

She runs them through a software system, which the Internet service provider had to custom build, to ensure the text of the notice complies with the law and matches the IP address with the right customer. The software system only automates some of this task, so she still has to review each notice.

The whole process has become an expensive headache for a small company with 250,000 customers and about 500 employees, said Bram Abramson, TekSavvy’s chief legal and regulatory officer. The software system alone cost about $500,000 to set up, and the company has spent an additional $100,000 over the course of the past year to keep up with the notices.

“It’s a source of much frustration for us,” Abramson said. “It’s a whole system that had to be built. It’s not like you can buy that off the shelf.”

Accusing your customers of theft is also not great for business.

But under a law popularly known as notice-and-notice that went into effect in January 2015, ISPs such as TekSavvy are required to forward copyright infringement alerts to customers suspected of illegally downloading copyrighted material like movies, television shows and music.

Read more here

#CyberFLASH: Fewer Canadian organizations believe they are winning the cyber security war

malware-hacking-cybersecurityTORONTO – According to a study released today by Scalar Decisions Inc. (“Scalar”), Canada’s leading information technology solutions integrator, only 37 per cent of Canadian organizations believe they are winning the cyber security war, a decrease of four per cent over 2015’s study. The primary challenges cited as contributing factors were insufficient numbers of in-house personnel and lack of in-house expertise. The Cyber Security Readiness of Canadian Organizations, conducted with Canadian IT and IT security practitioners, also found the majority of respondents believed that cyber security crimes in their organizations are increasing in severity (80%), sophistication (71%) and frequency (70%).

Cyber security compromises are costly. Loss of intellectual property was experienced by 33 per cent of respondents in the last 24 months and 36 per cent believed it caused a loss of competitive advantage. According to responses, the average total cost of cyber attacks in the last 12 months was approximately $7 million per organization. Cyber security spend has however increased slightly from last year, with an average of 11 per cent of the IT budget dedicated to information security (versus 10 per cent in 2015).

“IT leaders are feeling less equipped to handle the changing landscape of cyber crime,” said Ryan Wilson, Chief Technology Officer, Security, Scalar Decisions. “The year-over-year increase in cyber attacks coupled with an increase in their severity and complexity highlights the need for specialized, trained IT professionals with the tools and proficiency to provide effective security to Canada’s companies.”

Commissioned by Scalar and independently conducted by the Ponemon Institute, the study examined the cyber security readiness of Canadian organizations and year-over-year trends in handling and managing growing cyber threats. On average, respondents reported an average of 40 cyber attacks per year, a 17 per cent increase over last year’s report. Despite the high number of attacks, only 38 per cent of respondents indicated their organization had systems in control to deal with advanced persistent threats (“APTs”). Overall, the greatest threat to IT networks was reported to be web-borne malware attacks, with 80 per cent pointing to this risk as the most frequent security compromise, followed by rootkits (65%).

The research also identified a subset of the sample that self-reported to have achieved a more effective cyber security posture. This “high performing” group represented 53 per cent of the sample, and when compared with the “low performing” group, it was found that high performers spend 43 per cent more of their IT budget on information security and were more likely to have their cyber security strategy fully aligned with their organization’s business objectives and mission. Relatedly, high performers were 28 per cent more confident that they are winning the cyber security war.

Read more here

#CyberFLASH: Cyber security among issues Canadian CEOs are most worried about

ceo-office-boardroom-window-550215701-ezra-bailey-getty-compressorThe chief executives of Canadian companies aren’t yet in panic mode, but the stresses of a terrible dollar, tanking oil and a tepid economy are making them more pessimistic than normal. According to a recent survey of 49 Canadian CEOs by professional services firm PricewaterhouseCoopers, 31% believe the global economy will become weaker in 2016. When asked the same question last year, only 9% of respondents agreed.

Their growing pessimism squares with the experience of CEOs everywhere; only 27% of the 1,409 chief executives around the world interviewed by PwC said they were confident that global economic conditions would improve. The survey—officially titled the 19th Annual Global CEO Survey—was completed during the fourth quarter of 2015.

While the sample of Canadian CEOs surveyed by PwC is small, their responses shed some light on what else is on the mind of our country’s top executives. Among the findings:

  • 76% of Canadian respondents say they will implement “cost-cutting measures” this year; that’s 68% higher than their international peers.
  • 80% are concerned about their tax burden, up from 68% in the 2015 survey. Many are also concerned about Canada’s looming debt burden, and the implications of a sluggish economy paired with falling tax revenues.
  • A whopping 92% of Canadian respondents agree that “business success in the 21st century will be defined by more than financial profit.” They’ve observed that more of their clients expect them to be good corporate citizens and do more to tackle important issues—yet those clients are reticent to absorb extra costs for it.
  • Perhaps in response to the above point, 80% of respondents are using new, non-financial metrics to report the value they’ve generated to their stakeholders.
  • The overwhelming majority of respondents (90%) said they made significant changes to their branding and marketing strategies in 2015.
  • Recruitment and talent retention are becoming more dynamic. Some 65% of respondents understand that top talent prefers to work for organizations with social values which are aligned to their own. (A related challenge they’re met with is accommodating “a new generation of digital natives” who are getting ready to move into positions of power.)
  • 61% of respondents say that cyber security is the biggest potential business threat to their organization’s growth prospects, topping availability of key skills (cited by 49% of respondents), volatile commodity prices (43%) and consumer spending behaviours (43%).

Read more here

#CyberFLASH: Eight tips to improve your organization’s data privacy

imageFor CISOs, every day is data privacy day. But every January 28th Data Privacy Day is officially observed by a number of countries and agencies.

It could be a good day for infosec pros to remind themselves that in addition to IT security, ensuring corporate privacy policies for personal data — of employees as well as customers and partners — are up to date and enforced.

This year’s observation comes at a sensitive time for chief security and privacy officers. Not only are data breaches increasing, the ability of customers to sue is also going up as well.

Just this week an Ontario judge recognized a new common law privacy tort of public disclosure of private facts. The case involved a man who posted a sexual video of an ex-girlfriend on the Internet without permission.

“In the electronic and Internet age in which we all now function, private information, private facts and private activities may be more and more rare, but they are no less worthy of protection,” the judge wrote in part.

The woman had entrusted the defendant with the images, he judge said, and the defendant had no right to publish them. The man was fined a total of $100,000 in damages, plus court costs.

This case doesn’t deal with a corporation. However, before this week no Canadian court recognized the right to sue for public disclosure of private facts. The point is organizations need to note the common law on privacy is expanding.

Read more here

#CyberFLASH: Cybersecurity strategy hinges on fed-prov collaboration

Cyber-700x500Public Safety Minister Ralph Goodale will need to continue working closely with the provinces and territories if he wants to close the gaps in Canada’s cybersecurity preparedness and develop a plan for countering radicalization, security experts say.

Goodale and Justice Minister Jody Wilson-Raybould held their first meeting with provincial and territorial ministers in Quebec City Thursday to hash out concerns about public safety and justice issues. Among the topics they discussed were cybersecurity and counter-radicalization — or specifically, the need to get better at sharing best practices for protecting critical infrastructure and developing a policy framework to organize counter-radicalization efforts.

While there was little detail provided in the accompanying press release, researchers focusing on national security and terrorism say the fact that the new government is making a commitment to work more closely with the provinces and territories is a good sign.

“A lot of the critical infrastructure that might need protection is in the hands of the provinces and private sector,” said Wesley Wark, a professor focusing on national security at the University of Ottawa. “That’s really the root of this — vulnerability and, in their mind, inadequate measures by the previous government.”

Prime Minister Justin Trudeau tasked Goodale with leading a review of Canada’s state of critical infrastructure protection when appointing him to the portfolio in November.

The Canadian government had been the target of multiple high-profile cyber attacks during the former Conservative government’s decade in office — in 2011, attacks traced to Chinese IP addresses targeted the Treasury Board, the Department of Finance and Defence Research and Development Canada (DRDC).

Read more here

#CyberFLASH: Nuclear Threat Initiative gives Canada high score on cyber security

cra-passwords-security_211076204-e1402005190177Much of the world’s enriched uranium and plutonium is “too vulnerable to theft” and a cyber attack on a nuclear facility could “facilitate” either theft of nuclear material or sabotage, the Nuclear Threat Initiative warned in a recent report.

“Nearly 2,000 metric tons of weapons-usable nuclear materials remain stored around the world, much of it still too vulnerable to theft,” wrote Sam Nunn, Co-chairman and CEO of Washington, D.C.-based NTI, in a forward to the 2016 NTI Nuclear Security Index: Theft and Sabotage. “The risk is compounded by the fact that a terrorist group wouldn’t need much nuclear material to make a nuclear bomb.” [click image below to enlarge]

Nunn represented the state of Georgia, as a Republican, in the United States Senate from 1972 through 1996, serving as chairman of the Senate Armed Services Committee.

This year’s NTI index – Building a Framework for Assurance, Accountability and Action, Third Edition – was developed with The Economist Intelligence Unit.

Released Jan. 14, the index assesses the security of highly enriched uranium and plutonium, rating 24 countries – including Canada – with one kilogram or more of “weapons-usable nuclear materials.” It also rates 45 countries “with respect to the protection of nuclear facilities against sabotage.”

Of the 24 nations with weapons-usable nuclear material, nine, including Canada, received the maximum score for cyber security. Seven scored zero.

A cyberattack “could facilitate the theft of nuclear materials or an act of sabotage,” NTI warned. “For example, access control systems could be compromised.”

Countries were rated on a scale of 0 to 100, where 100 is the most favourable nuclear security conditions.

For risk environment, Canada scored 79.

Read more here

#CyberFLASH: Amazon will open first cloud data storage centres in Canada

amazonAmazon.com Inc. will open its first cluster of data centres in Canada this year, helping to meet demand from companies that don’t want their data stored in the U.S. where it can be monitored by security officials.

The data centres power Amazon Web Services, which rents storage and computing power to other companies. Canada’s Internet storage sector is growing and companies such as Telus Corp. and Rogers Communications Inc. have made greater privacy under Canadian laws a key selling point in attracting business after revelations two years ago that the U.S. National Security Agency had spied on data networks run by American companies.

Beyond privacy concerns, the new data centres will also speed processing times for Amazon clients connecting with customers in Canada. The proximity of data centres to customers helps reduce response time for those running Internet-based cloud applications.

The new data centres will be in Montreal and powered almost entirely by hydroelectric generation, Amazon announced Wednesday.

Amazon has four data regions in the U.S. and a fifth coming in Ohio. Globally, Amazon has data centres in countries such as Brazil, Ireland, Japan, Australia and plans to open new centres in South Korea this year.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.