#CyberFLASH: Private sector should lead Canada’s cyber security strategy, say experts

In the global war against crime Canada is one of a number of countries with a national cyber strategy, aimed at strengthening important departments and working with the private sector to shore up critical infrastructure.

But two security experts told a conference Thursday that businesses, not Ottawa, should be leading the charge.

But they also laid the blame for the country’s poor cyber security at the executive floor.

“We (infosec pros) feel it’s difficult to convince upper management something should be done,” Jason Murray, senior manager for cyber security at consulting firm MNP LLP, told the SC Congress conference in Toronto on Canada’s cyber strategy. “They’re not listening to us. They get it, they just don’t need to do anything about it.

“They’re accumulating technical debt. Every year they don’t spend enough on information security they’re adding to the debt and hoping that when the debt comes due they’re not around to take the fall … The market should punish these people, just like they were accumulating financial debt… and they would go out of business.”

However, he admitted, few companies – even those suffering huge breaches like Home Depot – lose customers over the long term.

But he also complained organizations “are not doing the basic hygiene stuff… I go in there (to customers) and assess against the PCI (Payment Card Industry security) framework or the critical controls framework … and they’re scoring 40 per cent at best.”


#CyberFLASH: Deloitte Provides Cybersecurity Training Curriculum Support to Canadian University

Deloitte and Canada’s Polytechnique Montreal have formed an agreement to update Polytechnique’s cybersecurity training program in a move to address the changing cyber threat landscape.

The team revised the course content of the certificate programs in cyber investigation, online fraud and information technology network computer security, Polytechnique said Wednesday.

The new programs will be available at the Canadian engineering university beginning the fall semester of 2016.

“Knowing how to assess cybersecurity risks and guard against them is a key concern for many organizations,” said Marc Perron, Quebec region managing partner for Deloitte.

He added the partnership aims to both train future cyber professionals and support local enterprises’ cybersecurity efforts.

Deloitte and Polytechnique Montreal revamped 29 courses in the three updated programs and introduced 14 new courses to the curriculum.

Polytechnique said the certificate in IT network computer security program will be available in September as a distance-learning program and all three certificates will be released online in the winter of 2017.

Students in the programs are eligible to apply for internships.


#CyberFLASH: Alarming gaps in cyber security identified by a new survey of Canadian energy companies

Only one in five Canadian energy companies could respond and recover quickly from a cyberattack, according to Deloitte Canada’s 2015 Cybersecurity survey for Alberta’s auditor general.

This is Deloitte’s first assessment of IT security risks to Alberta’s oil and gas industrial control systems (ICS), devices that, among other functions, control pumps and valves and detect leaks in pipeline operations. The study found that attacks on industry exploiting unsecured ICS are not currently common and may not be an immediate risk to Alberta’s oil and gas industry, but that doesn’t mean it should rest easy.

“If those who want to harm Alberta’s oil and gas industry obtain the skills needed to do so, the risks to Alberta increase,” the report authors stated.

In 2010 the world learned that a virus, called Stuxnet, successfully attacked ICS used in Iranian nuclear facilities. The Stuxnet virus attacked programmable logic controllers, a type of ICS which is also readily used in oil and gas operations.

Recently, a German steel mill was attacked by manipulating and disrupting ICS so that a blast furnace could not be shut down, resulting in “massive physical damage.”

Alberta is not immune to security risks targeting ICS. According to the auditor general report, a sophisticated cyber attack was detected against a Calgary-based company that supplies ICS remote administration and monitoring tools and services to the energy sector in Alberta. 


Password hacking top concern for Canadians

TORONTO – If you are using the same password for all of your online activity, or a basic password that is easy to remember, you are at an escalated risk of being vulnerable to hacking, according to a new study.

Deloitte Canada predicts that over 90 per cent of user-generated passwords, even those considered strong, will be vulnerable to hacking in seconds. 


Think Your Password Will Protect Your Data? Think Again


TORONTO – More than 90% of user-generated passwords will be vulnerable to hacking in a matter of seconds, according to Deloitte’s Canadian Technology, Media & Telecommunications (TMT) Predictions 2013 report. Deloitte’s TMT Predictions 2013 report also counters what many believe to be true, revealing less than 1% of Canadians will “cut-the-cord” on their subscription TV services, existing broadcasters will continue to deliver the majority of OTT services, and 4K televisions won’t disrupt the marketplace just yet.


© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.