Our first Asked & Answered webinar of 2022, this FREE live webinar discussion, presented by XplorNet Enterprise Solutions, featured special guests Kathy Knight, Executive Director of MITT's Cyberwave, Cybersecurity Technical Centre of Excellence; Kent Smith, Partner, ourCIO; and moderator Kay Gardiner, Program Director, Digital Manitoba Initiative.
The pandemic has been a heyday for hackers. According to Kathy, “The attack surface has expanded dramatically because with remote work, many of you went from having, let’s say, one office with 30 employees to 30 offices with 30 employees, so this means the proliferation of devices has created more opportunities for bad actors and resulted in an increase in e-crime of over 400% since 2020.”
Your home is your castle and you need to defend the crown jewels. But now that extends to your office as well, so you need to know how to fortify your guns, guards and gates, so you don’t get caught with your drawbridge down. According to Kent, “We approach cybersecurity as how to keep the bad guys out and protect ourselves and our assets — these are perimeter defenses, and they can be very effective, but there’s a LOT of activity added to the mix, both inside and outside. It’s how we conduct business in a connected world that has created a shift in how we approach cybersecurity.”
The cybersecurity framework from NIST, the National Institute of Standards and Technology, is a great way to look at cybersecurity more holistically – IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER. Many businesses spend most of their time and resources in the PROTECT phase of the framework, but activity needs to be balanced across all five of the phases. “We would rather see an organization with a bullet-point plan across all five phases, than no plan at all because it seems overwhelming to even get started.” IT breaches are one of the top 5 risks to businesses right now, so preparation is the most important element in ensuring your organization can make it through and recover.
The underlying components are people, process and technology – “People come first because it is people who are accountable for cybersecurity and it is people who are responsible for managing it. Everyone needs to take ownership for their areas and processes, and create the ‘human firewall’,” says Kent. Executive sponsorship is critical, as are HR and communications team involvement, and elements of fun. Training and awareness is our first line of defense because 85% of breaches involve some kind of human error.
- Download this excellent whitepaper from CPA Canada: 20 Questions Directors Should Ask About Cybersecurity
- Canadian Centre for Cybersecurity
- CyberSecure Canada: Canada’s cybersecurity certification program for small and medium-sized organizations.