Cybersecurity

CYBERSECURITY

Protecting Canada from Cyber Threats Means Protecting SMBs

The threats we face in cyberspace are rapidly evolving. In a world where our economy and essential services are increasingly online, cybersecurity is critical to ensuring the viability, continuity, and growth of Canada’s economy.

In this interview, Ulrike Bahr-Gedalia, Senior Director of Digital Economy, Technology & Innovation and Cyber. Right.

Now. (CRN) campaign policy lead at the Canadian Chamber of Commerce interviews Marjorie Dickman, BlackBerry’s Chief Government Affairs and Public Policy Officer.

Dickman discusses how BlackBerry, a partner and co-chair of the CRN campaign, can help secure Canada’s digital future by protecting Canada’s small- and medium-sized businesses (SMBs). Small businesses comprise 98 per cent of Canadian businesses — highlighting the importance of protecting them from cyber threats.

ULRIKE BAHR-GEDALIA: What’s needed to strengthen Canada’s resilience to cyberattacks? Which sectors do you see as most vulnerable?

MARJORIE DICKMAN: The Government of Canada has made important strides to protect critical infrastructure from cyber threats over the past year. The ongoing review of the National Cyber Security Strategy and the introduction of the Critical Cyber Systems Protection Act (Bill C-26) will help protect Canada’s critical infrastructure from cyberattacks, particularly in key sectors like banking, energy, telecommunications, and transportation.

Additionally, BlackBerry encourages an increased focus on securing Canada’s smalland medium-sized businesses (SMBs) from cyber threats. SMBs are the backbone of Canada’s economy. In 2021, SMBs made up 98 per cent of all businesses in Canada and employed almost 85 per cent of the total labour force. Supporting the growth of SMBs is critical for Canada’s economic prosperity.

Yet, Canada’s SMBs are increasingly vulnerable to cyberattacks. According to the

Insurance Bureau of Canada, 47 per cent of Canadian small businesses did not invest in cybersecurity protection in 2021. The following statistics highlight why more needs to be done to help Canada’s SMBs establish cyber defences:

• SMBs face an average of 11 cyber threats per day (BlackBerry 2022 Threat Report

The average cost of a cyber breach is $7 million (IT World Canada)

Only 14 per cent of businesses have cyber insurance coverage limits above $600,000 (BlackBerry Cyber Insurance Study)

• 59 per cent of businesses hope that the government will cover damages for attacks linked to nation-states (BlackBerry Cyber Insurance Study)

Cyberattacks are devastating to SMBs. 60 per cent of SMBs that fall victim to a cyberattack are out of business within six months (BlackBerry 2022 Threat Report) With the rapid pace of digitalization — especially since the start of the pandemic — Canada cannot afford to leave SMBs exposed to cyber threats.

BAHR-GEDALIA: How can SMBs better protect themselves from evolving and increasingly complex cyber threats? How can using Artificial Intelligence (AI)-driven solutions reduce risk and costs?

DICKMAN: By adopting an AI-driven, prevention-first approach to cybersecurity, SMBs can increase their cyber resilience and focus on their growth. With the application of AI-driven cybersecurity solutions, it’s possible to neutralize malware threats before they have a chance to execute on a business’ systems. In addition, AI-driven cybersecurity solutions can help SMBs dramatically reduce the cost associated with recovering

from a cyberattack. If malware cannot execute, then the downstream consequences, and the resulting efforts to trace, contain, and remediate the damage from cyberattacks, are dramatically reduced. For example, a Forrester Consulting study of BlackBerry’s CylancePROTECT Endpoint Protection (EPP) solution, which uses advanced AI, found that CylancePROTECT helped a customer achieve a 95 per cent reduction in lost employee time due to faster threat investigation and remediation. In short, AI-driven cybersecurity solutions give SMBs the ability to protect themselves from highly sophisticated cyber threats and achieve cost savings.

BAHR-GEDALIA: As a partner and co-chair of Cyber. Right. Now., could you summarize in one sentence what the initiative is trying to achieve?

DICKMAN: The Cyber. Right. Now. campaign aims to make Canada one of the most cyber-secure countries on the planet. It’s a unique initiative championed by the Canadian Chamber of Commerce, BlackBerry, and more than two dozen leading technology and cybersecurity organizations, including Microsoft Canada, Amazon Web Services (AWS), General Dynamics Mission Systems-Canada, Cenovus Energy, Sun Life, BMO, Calian, and eSentire. Together, we’re urging the Government to make cybersecurity a top priority and Canada, a world leader in cyber protection.

To learn more about BlackBerry’s AI-Driven Cybersecurity solutions, visit BlackBerry at blackberry.com/us/en/ products/cylance-endpoint-security

To learn more about the Cyber. Right. Now. campaign, visit the Canadian Chamber of Commerce at chamber.ca/ campaign/cyber-right-now

This article was made possible with support from the Canadian Chamber of Commerce

Diversifying Talent Pool Key to Solving Cyber Talent Shortage in Canada

Demand for cyber talent in Canada is high because of the increased number and complexity of threats facing organizations of all sizes. And for employers trying to meet the growing needs of the sector, figuring out how to attract, recruit, and retain qualified cybersecurity talent is an ongoing challenge.

Rogers Cybersecure Catalyst — Toronto Metropolitan University’s national centre for training, innovation, and collaboration in cybersecurity — is working to solve this problem. “We bridge the talent gap by working to ensure there’s a consistent supply of cyber professionals with in-demand skills,” says Rushmi Hasham, Director of Accelerated Cybersecurity Training Program and CyberStart Canada at the Catalyst.

To diversify the talent pool and provide access to training, the Catalyst launched the Accelerated Cybersecurity Training Program (ACTP) in 2020. “The program is specifically designed to give women, newcomers to Canada, and individuals who’ve recently lost employment the opportunities and skills needed to launch a successful career in the sector,” says Hasham. ACTP learners earn three GIAC Certifications within seven months, which qualifies them for entrylevel cybersecurity roles.

While many may perceive cybersecurity as restricted to people with highly developed technical skills, there’s no single cybersecurity persona. The field is open to virtually anyone who is interested, regardless of their professional background, education, and industry experience. In recent research conducted by Blueprint — a non-profit research organization — in partnership with Future Skills Centre, the top three non-technical skills that cybersecurity employers look for are verbal communication skills, problem-solving and critical thinking, and attention to detail.

“Cybersecurity is one of the most welcoming industries, and the more we bring in diversity of thought and background, the more we’re able to create solutions that are as diverse as the problems that are coming at us,” says Hasham. Cybersecurity employers are invited to connect with the Catalyst to gain access to a talent pipeline of certified and employment-ready cyber professionals.

Join the conversation by taking our cyber talent survey or learn more about hiring skilled cyber talent at cybersecure catalyst.ca

The Search for True Randomness: Quantum

Hardening of Cybersecurity’s Weakest Link

Discover

The quantum computing revolution is imminent, and it brings with it an existential threat to traditional encryption and cybersecurity, even as we find ourselves in an era of unprecedented cybercrime. It’s vital that we evaluate today the quantum vulnerabilities of our systems, and that we be equally cognizant of the opportunities to bolster these systems with quantum reinforcement.

Significantly, the advent of quantum random number generators (QRNGs) is providing an opportunity for immediate future-proofing by enabling cryptographic systems that are truly secure against all random number attacks.

“Currently, encryption seeds are generated by pseudorandom number generators that are essentially algorithms using mathematical formulas to produce sequences of seemingly random numbers,” explains Francis Bellido, CEO of Canadian quantum-safe cybersecurity innovator Quantum eMotion. “We have produced a second-generation QRNG based on the quantum tunneling phenomenon created by electrons, unlike other competitive technologies which depend on photonics physical properties. This new approach shows distinctive advantages in terms of robustness, speed, scalability, and cost.”

Quantum eMotion’s QRNG technology is just 10 microns across, making it possible to enjoy this added layer of security in all contexts, embedding it into pre-existing chips in computers, smartphones, or any other device that connects to the Internet.

Tomorrow's essential security is today’s peace of mind Adopting this type of quantum-enabled security measure today not only provides essential future-proofing to sensitive digital systems, it also functions as a key safeguard against the ever-increasing assault of conventional cyberattacks. “Cyber threats are growing more sophisticated by the day, and the cost of breaches to North American businesses is measured in the billions of dollars,” says Bellido. “The difficulty in sourcing truly random numbers has long been known to be a existential vulnerability to our digital security systems, and embracing the power of quantum randomness today is the only way to get a full step ahead of the most dangerous cybercriminals, before they have access to next generation quantum tools of their own.”

Protecting Canada against cyberattacks is a daunting challenge.

Cyber breaches have increased by 4,379 per cent between 2015 and 2020, according to Risk Based Security — costing billions of dollars from ruined reputations, lost sales, and legal costs. Aware of the threats, organizations are stepping up their cybersecurity. However, they face the problem of not having enough skilled talent in the industry.

In 2020 Deloitte made a goal to make Canada a safer place. To do that the company has taken actions to help fill the skill gap, through various hiring programs, partnerships with post-secondary, and developing cybersecurity skills base with new individuals not traditionally found in cyber or IT. To help fill the skills gap, Deloitte — a worldwide leader in cyber strategy consulting and cyber intelligence — is inviting professionals from different industry backgrounds to make a career transition.

Existing skills, additional training, and supportive culture ensure successful transition

Lillian Piao, Senior Manager with a cybersecurity team in Deloitte’s Risk Advisory practice, is one of them. With a degree in electrical engineering, she spent six years in the energy sector within the operational technology field. As she reflected on her career path, she realized she was starting to feel a bit repetitive. Shortly thereafter, Justin Fong, a partner in Deloitte’s cybersecurity practice, reached out to her with an opportunity. “I was curious, but I didn’t have

a lot of background in the area,” says Piao. She decided to give it a try, and nearly six years later, Piao is enjoying a rewarding career, supporting clients on large cybersecurity programs to mature their cybersecurity practice. She was able to use some of her prior professional background and industry knowledge to fill her skills gap. The rest she did through additional training, coaching, and certification. Piao credits Deloitte’s open and supportive culture with helping to ease the transition. “It can be really nerve-wracking when you’re starting in an area where you don’t have a lot of knowledge, but my peers and superiors were amazing and made me feel very comfortable,” she says.

background. This is not the case. “There are many different types of roles and jobs in the field,” says Piao. These range from technical roles in IT to roles in strategy, business development, incident response, and risk management, which require soft skills. Other traits such as analytical and critical thinking and the willingness to build skills through self learning will make this transition a rewarding one. “I’m constantly learning and developing, especially as we evolve our Cyber Target Operating Model.” she says.

A burgeoning industry with high demand for talent

Cybersecurity is a burgeoning industry. A 2018 Deloitte report estimated that 1.8 million cybersecurity jobs would need to be filled by 2022. “There’s still a talent shortage in cybersecurity,” says Piao. “Right now, we have people who’ve been in the industry for many years as well as a lot of new talent just coming out of school, but the real gaps are in the middle, and one way to fill that gap is through career change,” she says.

One misconception about the cybersecurity profession is that it requires an IT

In being the catalyst for training and nurturing cybersecurity leaders, Deloitte is ensuring a broader cybersecurity talent pool for Canada as a whole, thereby helping to keep Canada safe from cyber threats and bad actors both now and in the future.

If you’re thinking about shifting industries and looking for an exciting career challenge, visit deloitte.ca/careers to learn more about Deloitte’s cybersecurity opportunities.

Is

Right now, we have people who’ve been in the industry for many years as well as a lot of new talent just coming out of school, but the real gaps are in the middle, and one way to fill those gaps is through career change.

All Hands on Deck: The Skyrocketing Demand for Canadian Cybersecurity Skills

The impact of cybercrime on the Canadian economy is measured in the billions of dollars, but so too is the economic contribution of the rapidly growing cybersecurity jobs sector. As cyber threats and cybersecurity systems continue to multiply and grow ever more advanced, the biggest question is how to fill thousands of available cybersecurity positions with appropriately skilled workers.

Cybercrime in Canada is reaching crisis levels. The federal government estimates the damage to the country’s economy somewhere north of $3 billion annually. With the cost of an individual breach or ransomware attack on a business usually measured in millions of dollars, companies — large and small — are scrambling to hire the most qualified cybersecurity experts. That’s easier said than done. Job openings in the field appear faster than people can be trained with the specialized skills needed to fill them.

“From supply chain disruptions in the private sector to ransomware attacks on governments, cybercriminals have become increasingly sophisticated and the threat landscape more diverse,” says Kevin Magee, Chief Security Officer at Microsoft Canada.

“These cybersecurity challenges are compounded by a workforce shortage; there simply aren’t enough people with the cybersecurity skills needed to fill open jobs. This is a global problem. By 2025, there will be 3.5 million cybersecurity jobs open globally, representing a 350 per cent increase over an eight-year period, so there will be no shortage of career opportunities in the field in Canada.”

a whole is more vulnerable to cyberattacks,” Mondou says.

Solving the talent time-to-market problem

With the demand for cybersecurity professionals doubling every year, the immediate need requires a better approach to training cyber talent. The first step is to fully leverage the cybersecurity talent we already have available in Canada. TECHNATION’s Career Ready Program, funded by the Government of Canada’s Student Work Placement Program, is one important way to address the growing time to market challenge.

“As part of TECHNATION’s Career Ready Program, we worked collaboratively with SkyHive, who are developing some of the world’s most advanced reskilling technology based on Quantum Labour Analysis, to develop and deploy CareerFinder,” says Mondou. “CareerFinder is a first of its kind in Canada, a leading-edge digital labour market intelligence platform and unique national asset, which uses artificial intelligence and machine learning to identify critical workforce skills needed across all sectors both in the present and in the future.”

Injecting cybersecurity skills at every level

The CareerFinder platform shows over 4,000 open cybersecurity positions across Canada daily. To meet growing demand, TECHNATION is working with industry and academia to push new and innovative forms of Work Integrated Learning (WIL) to accelerate tech talent in critical areas. TECHNATION has also partnered with Microsoft Canada to pilot the Explore internship program, which helps students from diverse academic and cultural backgrounds to realize career pathways into the digital workforce and cybersecurity.

expedite the connection to talent between industry and academia to address the ongoing cybersecurity talent shortage. “We need more bold thinking like we see at Lassonde. Canadian post-secondary institutions must start modernizing curricula with WIL and closer industry partnerships now or we will continue to fall behind as a global tech leader.” says Mondou.

“Education and skilling-focused programs and tools like Explore and Career Ready are helping to equip and empower the next generation of digital leaders with the essential skills our economy needs to thrive in the future,” Magee says. “A challenge of this scale is significant, and to address it, tech companies like ours, governments, academia, and business will need to work together to provide skilling opportunities both to skill-up our own employees and to grow the cybersecurity workforce by attracting new people to the profession.”

The growing cybersecurity job gap and unfilled positions, is not a viable option. Angela Mondou, President and CEO of TECHNATION Canada, the leading national technology association, compares the current situation to a military with thousands of soldiers and aviators absent from the ranks during wartime.

“The job gap Canadian industries are experiencing across the board means that Canada as

TECHNATION has been advising on Lassonde School of Engineering at York University's work-integrated degree program in Digital Technologies, a first in Canada. Students earn a salary while working with the same employer throughout the fouryear degree and 20 per cent of their student worktime is allocated for academic learning — delivered in intensive, year-round blocks. This program is expected to produce many cybersecurity analysts and other cyber professionals. It’s an innovative program to

Rising cybercrime presents a tremendous challenge to Canadian businesses and government, but the skyrocketing demand for cybersecurity professionals also presents a tremendous economic opportunity. TECHNATION and its partners are hard at work finding innovative ways to meet this challenge and opportunity in ways that benefit Canada, Canadian businesses, and Canadian workers.

The job gap Canadian industries are experiencing across the board means that Canada as a whole is more vulnerable to cyberattacks.

It only takes one cybersecurity breach to bring an unprepared organization to a screeching halt, or worse. And because cybercriminals know what’s at stake, they also know the leverage they hold over a compromised victim. Cybercrime has become big business, and so diligent, leading-edge cybersecurity has become an essential part of any business operation that hopes to succeed and survive. The challenge, however, lies in understanding, sourcing, and implementing those highest standards of cybersecurity in a field that moves so quickly.

What you don’t know can hurt you Cyber threats evolve at a mind-boggling rate, and without specialized knowledge and constant vigilance, security systems can become obsolete as quickly as they’re implemented. And with demand for cybersecurity services skyrocketing without an end in sight, there’s a growing gap in the availability of talent with the appropriate skills and training. In this environment, cyber resilience is not a oneand-done business expense; it’s a continual process requiring dedicated professionals who are in short supply. Businesses of all sizes need help.

Take the case of a Canadian multinational manufacturer and service provider operating in the nuclear and conventional power space. The potential consequences of a cybersecurity breach for this operator are profound, and their clients rightfully want to be assured that their systems and processes are adequately

Businesses that don’t adapt to this new reality can face dire consequences: business-risk decisions made in isolation will drive up costs through redundancy and inefficiency. Projects initiated without context won’t deliver the highest return on cyber investment, nor address the most pressing corporate needs. As the lines between security, privacy, and data management dissolve, a decision in one area can affect multiple aspects of the enterprise.

Bringing order to chaos

But this “Convergence of Cyber Risk” creates opportunities as well. Adopting a holistic view of cyber breaks down the traditionally siloed areas of security (information technology, operational technology, internet of things, and more), compliance, business continuity, third-party/supply chain management, personnel, and privacy risk. Taking a riskbased approach — rather than chasing the latest technology or a flashy point solution — brings order to chaos. Security, privacy, and data management initiatives can be driven by well-coordinated and defined corporate requirements and shaped to address all cyber legislative/regulatory requirements, governance, corporate policy, industry standards, and control objectives. When security, privacy, and data management services (people

undertaking process with supporting technology) work in harmony as part of a cohesive cyber framework, the organization moves from the tactical to the strategic.

A new era equals new opportunity

The starting point for a comprehensive cyber program is “by-design” compliance with regulation and legislation. Then, applying a risk management paradigm ensures that the organization addresses real-world risks cost-effectively and balances those risks against other critical organizational imperatives, such as ensuring timely, effective, and efficient services.

ISA Cybersecurity’s Cyber Management Consulting (CMC) practice helps businesses benefit from the convergence of cyber risk. CMC is led by some of the most accomplished and experienced experts in Canada and backed by an extensive network of cyber professionals developed over 30 years in the business. We ensure appropriate rigour and internationally-recognized techniques are applied to the analysis and management of security, privacy, and data management risk and the development of programs and solutions. We can help you decide, “What’s next?”

Canada’s cybersecurity talent in the global marketplace

Ferro Technics is a Toronto-based IT security firm and emerging global leader in security certification and training. The Ferro Technics team was able to perform a thorough gap analysis of operations at this energy industry partner, identify their weaknesses, and create a comprehensive framework of policies, processes, and internally developed skills that allowed the company to secure their assets, achieve ISO 27001 certification, become resilient against threats and incidents, and future-proof their operations against the everchanging risk landscape.

It’s not only large, industry-scale organizations that are in need of this level of security, however. Smaller businesses and even nonprofit organizations have similar obligations to security and privacy without access to the internal skill sets to achieve those goals. In the case of a Florida non-profit franchise with five offices, Ferro Technics was able to carry out a comprehensive risk assessment, offer guidance on secure service providers, provide extensive training and upskilling of existing staff, and help put in place the policies that would both prevent breaches and mitigate harm from unpreventable incidents. Thus, security and privacy were diligently managed for the peace of mind of both the non-profit’s donors and the citizens relying on its services.

With the field of cybersecurity knowledge growing ever more specialized, and with the demand for those skills growing faster than new professionals can be trained, the security of Canadian organizations depends on providers like Ferro Technics, which can not only serve as concentrated hubs of knowledge for many partners but also focus on training and certification to build cyber resilience within the existing workforce. Cybersecurity is essential to every modern operation, regardless of sector or size. With training and guidance, no organization in Canada needs to remain vulnerable.

A Fast Track Way to an In-Demand Cybersecurity Career

Cybersecurity is a pressing issue affecting every industry and how we run our lives. “The vast majority of communications we engage in nowadays touches on some sort of electronic communication system, so security necessarily has to be top of mind, not just for people who work in the security industry but for everybody,” says Laura Franks, a cybersecurity instructor at Lighthouse Labs.

The good news is that there are plenty of career opportunities in this booming sector, and you don’t need an IT degree, deep expert knowledge, and years of experience to take advantage of them. Lighthouse Labs, founded in 2013 by a team of software developers with a passion for coding, mentorship, and education, offers a modern, immersive approach to tech education that can be completed in a short time and open doors to a new and exciting career.

Filling talent gaps with accelerated boot camp program In response to increasing demand from industry, Canadians, and the widening talent gap, Lighthouse Labs has launched a new program focused on cybersecurity called the Cyber Security Bootcamp.

“Right now, there’s a shortage of people with a working knowledge of cybersecurity at the level the industry requires when it comes to jobs or positions where security is part and parcel of the tasks that they’re responsible for,” says Franks. “These are not dedicated IT security positions but ones where the ability to identify and resolve certain cybersecurity threats is an important part of their job,” she says.

The recent pandemic, which completely overhauled the way we work, has increased the complexity of the cybersecurity environment and the need for good cybersecurity-minded approaches to handling information. “More people are working from home or remotely, and when it comes to accessing electronic communication methodologies and using technology to create, store, and pass information, one of the things we have not yet had an opportunity to do is embed basic good security-minded approaches in people,” she says.

The Lighthouse Labs Cyber Security Bootcamp aims to fill this gap and is specifically intended to introduce learners to the tools and skills needed to identify and respond to abnormal events on our communications pathways and networks. “We’re introducing them at an entry-level to be able to understand what’s occurring with the systems and how to identify and respond when something isn’t

right,” says Franks. In addition to being valuable professional training, the course can also be beneficial on a personal basis. “It’s great to have a basic understanding of security and how to take a security-minded approach to the information you handle in your everyday life,” says Franks.

boot

Cybersecurity

camp program an option for all learners

The Lighthouse Labs Cyber Security Bootcamp is a full-time, 12-week course designed to teach the fundamentals of network and application security. It’s accessible to anyone — regardless of skill level or prior experience — including beginners with no prior computing experience but who are comfortable working online; hobbyists/IT individuals who consider themselves tech junkies and have a love and interest for all things digital; and protectors and defenders who have the drive and desire to protect and defend the digital world from attackers.

Common elements uniting these three learner categories are:

• Understanding of the threats facing critical infrastructures, consumers, businesses, and stakeholders of the digital economy

Passion for learning new skills

Eagerness to start a cybersecurity career

Intensive and immersive, this cybersecurity boot camp takes a hybrid, virtual approach — mixing live online classrooms and self-guided learning. Following an introductory self-study

prep, students dive into modules on server administration, network security, threat modelling and analysis, incident response, and more. Students learn to recognize, intercept, and block malicious actors from infiltrating an organization’s secure networks.

A strong mentoring program with industry security professionals ensures that students have access to mentors 10 hours a day, five days a week, to answer questions or get assistance. Students are awarded an Ontario-recognized diploma upon completing their final examination and team study assessments.

Lighthouse Labs also works to connect graduates with potential employers to help them break into the security industry, which boasts the lowest unemployment rates in the country and across the globe. Given the demand is expected to grow, graduates from the Cyber Security Bootcamp program are well-positioned for a secure, well-paying and exciting career path.

Helping Canadians go further in their careers

What are some potential entry-level opportunities that graduates of the Cyber Security Bootcamp program can expect to find?

“It depends on exactly which position they want to enter, but it commonly would be something like junior or Level 1 security operations centre (SOC) analyst or cybersecurity analyst for an organization,” says Franks. “From there, they can start to build the experience they need to be able to move up the ladder in the security industry.”

Franks has this to say to people who feel they lack the talent for an IT career: “It’s not about having a talent for IT. It’s about having an interest in exploring, problem-solving, working with puzzles, and discovering new things. These are the types of skills that you will be using in the industry, and these are the skills we teach.”

Through accelerating learning opportunities like these, Lighthouse Labs is helping graduates achieve their ambitious career goals and filling the cybersecurity talent gaps in the Canadian workforce.

Since 2013, Lighthouse Labs has graduated over 4,000 students and maintains over 96 per cent employment rates for its job-seeking alumni. Lighthouse Labs continues to develop its curricula and find the best ways to transform how tech education is delivered.

Is Cyber Security Bootcamp For You?

Beginner

You have no prior computing experience, but you’re comfortable online and keen to learn the new skills you’ll need to start your cybersecurity career.

Hobbyist/IT Experience

You’re a tech junkie with an interest in all things digital. You may have previously worked in IT, have coding experience, or simply have a love for computers and are eager to expand your passion into an exciting career.

Protectors & Defenders

You have a drive to protect and defend the digital world from attackers. Regardless of your technical background, you understand the threats facing critical infrastructures, the consumers, businesses, and stakeholders of the digital economy.

It’s great to have a basic understanding of security and how to take a securityminded approach to the information you handle in your everyday life.

Security is about community, and it always has been. If you live in a heavily fortified house, complete with private guards, in an area where crime runs rampant, you are less safe in real terms than someone living in a normal home in a nice and well-maintained neighbourhood, someone who may not even have a lock on their front door. Critically, what keeps a neighbourhood safe, more than anything else, is the social bond that values collective security, that provides support for less fortunate neighbours, and that maintains an open dialogue addressing concerns collaboratively. When we’re talking about cybersecurity, the principle is the same.

On the internet, we’re all neighbours Our digital neighbourhood is quite a lot larger than our physical one; our neighbours may be on the other side of the country. But, with Statistics Canada finding that 21 per cent of Canadian businesses have been impacted by cybercrime, and with Public Safety Canada estimating that this crime causes over $3 billion in economic losses each year, the simple truth is that the best way to bolster individual security is to ensure that all of us are more secure. Enter the Canadian Cyber Threat Exchange (CCTX), a pan-Canadian organization dedicated to helping members address the growing threat landscape collectively.

“Our raison d'etre is to help our member companies build resilience through collaboration,” says Jennifer Quaid, Executive Director of Canadian Cyber Threat Exchange. “It’s exactly the same idea as your local neighbor-

remediate.”

It’s an all-hands-on-deck approach that ideally extends both inwards and outwards for business security. “Cybersecurity is no longer just the responsibility of the IT department,” says Bob Gordon, Strategic Advisor at Canadian Cyber Threat Exchange. “All business units have to get engaged and think about, for example, the supply chain. That means looking at the security of all the organizations upon which you depend to keep your business operating. We see companies that are out of

business for a while not because they were hit by a cyberattack, but because one of their suppliers was.”

With Canadian business so interconnected, and with cyber threats like phishing attacks so ubiquitous and indiscriminately targeted, Gordon emphasizes that it’s a matter of when, not if, any Canadian business of any size faces a threat that impacts them or their supply chain. But that does not mean that disaster is inevitable. Far from it. “That's when we start to talk about the whole notion of cyber resilience, which also requires a conversation across all business activity,” says Gordon. “It’s about being able to recover from that incident and get back into operation as soon as possible.”

Resilience in community CCTX sees this resilience in action every week when its member companies come together on a call to share and talk about the threats and incidents they’ve experienced. Working together as a community, the collective experience helps those who have been impacted bounce back more easily. And those who have not yet seen that threat in action become better prepared for the day when they do.

Quite simply, in Quaid’s words: “Collaboration works.”

“It works in most industries,” she continues, “and in cybersecurity, it's critical. The