The DIACC podcast, Talking Digital Trust and Cyber Safety, invites a carousel of experts with a view into the security threat and solution landscape to speak on the platform. This week, it was the turn of Sami Khoury, Head of the Canadian Centre for Cyber Security (The Cyber Centre), who explained the evolution of their cybersecurity mandate from 2018.
As well as fulfilling their primary role to protect the Canadian government, their work goes beyond that to give advice, guidance and services for organisations in their cybersecurity journey.
Cyber threats in the Canadian ecosystem are constantly evolving, with ransomware topping the most incentivising attacks for fraudsters, motivated by money.
From 2020 to 2022, Sami Khoury says the Cyber Threat Assessment has been drafted in a few variations and is currently due for another update.
The threats in descending order after ransomware (at #number 1) derive from national states not sharing the values of The Cyber Centre and curating cyber programmes that are “put to national use for governments and companies” to “steal information property” and “get property advantage”.
Misinformation and disinformation that exists so normally online and within social media news feeds perpetuate fraud. In particular, the integrity of communication during election periods is affected, but misinformation has been normalised into our daily “vocabulary”.
Emerging technologies, like quantum photography and AI, also harbour some unknowns as to how fraudsters can target new/ the same threats to compromise this technology.
These 5 threats are now “independent”, says Khoury. Sometimes they are combined together, but the “intersection between them tends to amplify the severity of the threats”.
Non-technical people are demanding information on what the threats are as well as private and public organisations on public safety.
How does The Cyber Centre work with departments across government?
The Cyber Centre explores partnerships inside and outside federal government, fulfilling a range of activities like day-to-day monitoring of government systems and working with communities such as the treasury board and SSE, financial and telecoms communities etc.
Within federal government, the Centre shares operational cybersecurity expertise.
“We can’t do our job alone”
Expanding the scope to be a bigger support for businesses, it is important to update standards and be a hub for educational and awareness resources.
Building a relationship with organisations is crucial to receiving technical details of the security threats underneath breaches, but personal information is never required.
He continued to say the distinction between the protection of security features and protection of privacy is increasingly blurred.
Ransomware attacks steal private information; organisations have a duty through the Privacy Act to report incidents to the privacy commissioner.
