#CyberFLASH: Over Half Of Canadian Execs Say Security Is A Top Concern, But Aren’t Acting On It


A report from Microsoft Canada reveals that Canadian businesses aren’t doing enough to protect their data.

The survey revealed that while three-quarters of Canadian businesses (based upon a sample size of 700) say that implementing a digital strategy is among 2017’s top objectives, over half of them are concerned about security while migrating to the cloud.

However, Canadian executives are still navigating the security concerns that come with managing large amounts of data. Over half of Canadian executives said in a survey that security is their top concern when making the transition to the cloud.

“It’s great to see that the cloud continues to gain momentum and that Canadian businesses recognize its value,” said Janet Kennedy, president of Microsoft Canada, in a statement.

The survey also suggested that only 21 percent of Canadian executives feel fully prepared in case of a data hack or leak. Furthermore, local data residency is important to Canadian executives, as is addressing the growing concern over cyber criminals and cybersecurity.

“The survey confirmed that business leaders need to feel confident that their data is secure and is being stored here in Canada. This is especially important for businesses with stringent compliance standards, such as government and healthcare organizations,” added Kennedy.

Read more here

#CyberFLASH: Brock professor receives grant to find what happens to your data

Check the box to indicate that you have read and agree to the terms of service. This type of notice appears at the bottom of sign-up pages for nearly every website, application, or game many of us use on a daily basis. The question is, does anyone actually do it? We all check the box, but how many people even skim the terms of service or understand what they really mean?

Brock University Adjunct Professor of Sociology Natasha Tusikov has been awarded a grant from the office of the Privacy Commissioner of Canada with the aim of discovering just what big internet companies do with information gathered online and what it means for the online privacy of Canadians. What information do they gather, what do they do with it, and how legal is it? That is not always clear.

Tusikov’s research will cover mostly the big US internet firms: Microsoft, Google, Yahoo, eBay and PayPal, along with the major payment companies, such as Visa and MasterCard.

Internet firms “act as global regulators, controlling different types of content and activity,” says Tusikov. eBay, for example, attempts to control the sale of counterfeit goods in agreement with major retailers. Internet service providers attempt to stop their customers from downloading copies of movies, music and software in agreement with the producers of those products. The problem with most of these agreements, though, is they are non-legally binding.

“This is a pretty new and interesting area of regulation,” said Tusikov. “Non-legally binding means existing outside of law, existing outside of judicial orders, so essentially these are handshake agreements between big companies… the reasons that some of these rights holders, like Nike and the US government, wanted to go in this direction is because they felt legislation wasn’t working.”

Read more here

#CyberFLASH: Clicking ‘I accept’ doesn’t mean you surrender right to know how a company uses your data

Chances are you’re reading this article with some kind of smart device. And if you’re doing so in public, there’s probably a bunch of people just like you nearby, staring into the glow of their tiny screens, swiping through profiles and tweets, tapping away at a game, or organizing a date.

And the chances are also pretty good that years ago, months ago, weeks ago or even today, most of them probably just clicked “I agree” rather than read the confusing fine print of the terms of service for those apps.

But have you ever thought about what companies do with that data once you share it with them? Do you ever wonder if they track your location, or your social networks or something else? Do they hand it over to other companies? To the government? If so, under what conditions?

If any of those thoughts have ever crossed your mind — and there are good reasons why they should — there’s a new, easy-to-use tool to help you get some answers.

The Citizen Lab and Open Effect recently launched a revamped version of their online tool, Access My Info, which empowers Canadians to easily exercise their legal right to understand what data is out there about them, whether that information is shared and, if so, with whom.

All you have to do is visit the online portal, choose the service or organization you want information from, fill in your account details, and after only a few minutes, the Access My Info tool automatically generates a PDF with a detailed list of questions that can be sent to the service provider. Under Canadian privacy laws, the organizations you request this information from must comply or risk being fined.

Read more here

#CyberFLASH: BlackBerry skirts RCMP decryption claims in privacy defence

BlackBerry has released a statement defending its core corporate and ethical principles, saying it has been focused on protecting customer privacy.

In a blog post, BlackBerry executive chairman and CEO John Chen highlighted that BlackBerry’s guiding principle has been about doing what is right for its customers, within legal and ethical boundaries.

“We have long been clear in our stance that tech companies as good corporate citizens should comply with reasonable lawful access requests. I have stated before that we are indeed in a dark place when companies put their reputations above the greater good,” he said.

The statement released by Chen comes days after reports claiming the Royal Canadian Mounted Police (RCMP) obtained BlackBerry’s master encryption key, which enabled the Canadian police to intercept and decrypt around 1 million messages sent using BlackBerry’s proprietary messaging technology.

The court documents relating to a Montreal crime syndicate case revealed BlackBerry and cellular network Rogers cooperated with law enforcement.

While it’s unclear how RCMP gained access to BlackBerry’s encryption key, it is believed BlackBerry “facilitated the interception process”.

BlackBerry has long been known to use a master encryption key, applied on every device to scramble messages. This gives the company access to all communications over its systems, and would permit it to hand over data to law enforcement when asked. But since the Edward Snowden revelations it was widely assumed that at least one of the Five Eyes governments colluding in mass surveillance — of which Canada is a member — had acquired the keys.

Read more here

#CyberFLASH: Regulators Get Serious About Cyber-Security

In a previous post, we discussed how to manage cyber security risks during the negotiation and due diligence stages of an M&A transaction. In this post, we discuss the ways regulatory bodies have begun managing these risks and the significance of these efforts to M&A participants engaging in substantial data asset transfers.

On February 18, 2016, the Investment Industry Regulatory Organization of Canada (IIROC) released its Compliance Priorities Report. Following this, in March 2016, the Ontario Securities Commission (OSC) released its Draft Statement of Priorities for 2016/2017. These reports, which constitute summaries of issues and action plans identified by the regulators, share a common focus on the systemic risks posed by insufficient cyber-security and recognize that our growing dependence on digital connectivity enhances exposure to cyber-attacks.

Cyber-security weakness at any level can jeopardize a company’s position during the M&A process. Information loss during or after transactions and data transfers can have dire effects on stakeholder interests. If legal responsibilities and data security problems are left unaddressed, issues such as damaged reputations or the forfeiture of customers and future sales can result in serious losses.

The OSC and IIROC are positioning themselves to take a central role in enhancing cyber-security resilience by undertaking oversight initiatives to promote proper due diligence in relation to internal breaches and intrusions from external parties. The agencies hope to achieve this by:

  • improving collaboration and communication between parties;
  • assessing cybersecurity resilience through targeted reviews;
  • providing guidance on cybersecurity preparedness; and
  • publishing notices of participant and infrastructure oversight.

Read more here

#CyberFLASH: Behind the rise in Canada of managed security providers

It’s taken a while but Canadian CISOs are increasingly outsourcing elements of IT protection to managed security service providers (MSSPs).

The logic is inevitable: Faced with attackers who are well funded — sometimes by nation states — while their own budgets are constrained, and with no assurance that any combination of defences will set up an impenetrable wall, infosec pros need help.

In fact, a recent IDC Canada survey of 178 security professionals noted 61 per cent said the biggest reason they chose an MSSP is because the provider can offer staff round the clock.

The second biggest reason is that security isn’t core to the business (39 per cent), while 37 per cent cited “staff knowledge of security threats,” and one-third admitted they don’t have the needed technology.

The cost of providing the best security was only cited by 27 per cent of respondents.

Mark McArdle, chief technology officer at eSentire, a Cambridge, Ont.-based MSSP with offices in the U.S. and Europe, noted in an interview that regulators are also increasing pressure on CISOs to improve security. Last year, he noted, the U.S. Securities and Exchange Commission (SEC) circulated a 28-question survey to 50 publicly-traded financial institutions asking how they handle risk management.

Read more here

#CyberFLASH: Free Wi-Fi not good ‘cyber hygiene’, says former Homeland Security chief


OTTAWA – Former U.S. Homeland Security chief Michael Chertoff has a handful of golden rules for what he calls good Internet hygiene. And the first is simple: don’t use the free Wi-Fi.

The data that people send across the Wi-Fi connections in hotels, coffee shops, or airport lounges is easily captured by others, including criminals or business competitors, he says.

Chertoff’s other advice: make your passwords more secure; be careful using those handy thumb drives; don’t open email from people you weren’t expecting to hear from; and think twice about bringing your regular tablet or mobile device with you to a foreign country where you’ll be using the Internet.

Chertoff offers high-level versions of that advice through the company he’s been running since his term ended in 2009 at Homeland Security — the department created after the 9-11 attacks to prevent a repeat terrorist attack on the U.S.

Chertoff is in Ottawa this week as part of an international commission studying the future of the Internet.

The Global Commission on Internet Governance is holding two days of meetings and has as its members some notable international figures such as Chertoff. The commission is led by former Swedish prime minister and foreign minister Carl Bildt.

The commission was formed two years ago by two think tanks: the Waterloo, Ont.-based Centre for International Governance Innovation (CIGI) and Britain’s Chatham House.

Read more here

#CyberFLASH: Telecoms refuse to release information on private data given to feds


Canada’s privacy commissioner says telecom companies are refusing to tell her office how many times they have handed over personal customer information to the federal government without a warrant.

Chantal Bernier, the interim privacy commissioner, said her office has repeatedly asked telecom companies to disclose statistics and the scope of warrantless disclosure of data, to no avail.

“I’m not disputing that there are times when there is no time to get a warrant — life is in danger,” Bernier said Tuesday.

“What we would like is for those warrantless disclosures to simply be represented in statistics so that Canadians have an idea of the scope of the phenomenon.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.