As Canada’s Senior Official for Cybersecurity, how are you ensuring that cybersecurity policies across different federal departments remain consistent, coordinated, and aligned with national priorities?

Coordination across the Canadian government is a critical element to effectively respond to cybersecurity challenges and protect Canadian organizations from the constantly evolving threats. With a career spanning over three decades at the Communications Security Establishment Canada (CSE), a career that values collaboration and partnership, I recognize where expertise lies within the Security and Intelligence community and beyond to tap into the right resources. These years of experience and a voice at key digital tables contribute to discussions that better inform decision-makers with accurate, up-to-date, and authoritative information.

What mechanisms are in place to ensure real-time coordination between government, regulators, and security partners?

Cyber incidents can have a significant impact on an organization if not promptly addressed. Speed is essential to contain the incident and limit the impact of the malicious cyber actor. We often say cyber is a team sport, and a well-functioning team is built on clarity of roles; everyone playing their position. Within the Government of Canada, that clarity of roles is codified in legislation (for example, CSE is recognized as the technical authority for cybersecurity), and cyber incidents affecting Government of Canada (GC) systems and non-GC systems have respective response frameworks including the Government of Canada Cyber Security Event Management Plan (GC CSEMP) and the Federal Cyber Incident Response Plan. These frameworks outline, based on the severity of the incident, the various roles and structure to support the incident response. Since there are no two incidents alike, lessons learned are incorporated in revisions of these frameworks to ensure they are efficient and effective in responding to incidents.

How is the federal government working to strengthen resilience while also building public trust in Canada’s digital systems?

The release of the National Cyber Security Strategy (NCSS) in 2018 recognized the criticality of addressing cybersecurity challenges. The establishment of CSE’s Canadian Centre for Cyber Security (Cyber Centre) and its recognition as the technical authority for cybersecurity were key enablers. For the past seven years, the Cyber Centre has been expanding its reach, supporting organizations across the country, publishing advice and guidance, issuing alerts, and advocating for an agenda of resilience and preparedness. Building partnerships with private and public organizations is crucial to earning their trust and enabling timely information sharing. Informing Canadians about cyber threats takes many forms, including media engagement, conference participation, and private events. This sustained engagement helps raise awareness of the Government of Canada’s breadth of capabilities and the benefits gained from these partnerships.

How are you ensuring cybersecurity considerations are embedded into broader government decision-making?

Whether in government, the broader public, or private sector, effectively tackling the cybersecurity challenges we face is not only reliant on technical ability but also depends on well-informed governance and leadership. At the broadest level, the Canada School of the Public Service offers a mandatory cyber ecurity awareness course to the federal public service. This course level-sets awareness of the latest threats and challenges and offers some best practices to mitigate common vulnerabilities. Within the federal government, there are also several senior-level committees representing a broad range of government departments that meet regularly to discuss all aspects of cybersecurity and inform the government of the latest developments. These engagements ensure the widest possible awareness of cybersecurity challenges and inform the necessary considerations across the government.

Looking ahead, what emerging threats or policy challenges do you see as most urgent for Canada’s cybersecurity posture in the next 3–5 years?

We are living in an unprecedented digital revolution. Over the next three to five years, our mindset for anticipating and proactively combatting threats needs to evolve as rapidly as we see the technology evolving. Looking ahead, this applies particularly in the areas of artificial intelligence and quantum science. Canada has already proven itself a leader in these two emerging fields that are expected to bring many beneficial impacts to Canadians, in the areas of research, productivity, and security, to name a few. However, these emerging fields also need continued attention and thought leadership to ensure net benefits for all, given the scope and scale of malicious actors, trying to exploit this rapid pace of innovation to leverage these capabilities to their advantage. It is worth noting that these innovations do not exist in a vacuum. Cybersecurity is a whole-of-society issue, that requires a whole-of-society response. Increasing our collective level of vigilance will be key to maintaining our strong cybersecurity posture over the next three to five years – and beyond.

The post Strengthening Government Coordination for a Cybersecure Future appeared first on HiveInnovates.

In February, the Government released its updated National Cyber Security Strategy – Securing Canada’s Digital Future. How is CSIS contributing to this strategy, and what should Canadians know about how it will improve our national resilience?

CSIS was a key partner during the development of the National Cyber Security Strategy, providing insight into the ways in which Canada is threatened by hostile state cyber actors. CSIS investigates human and technical threats to Canada’s security, both at home and abroad, and we maintain valued partnerships with Canadian agencies, such as Communication Security Establishment (CSE), which notably includes the Canadian Centre for Cyber Security (CCCS), as well as the RCMP. CSIS collects intelligence on national security cyber threats by leveraging our unique authorities to collect information that CSE and CCCS may not be able to collect. As a member of the Five Eyes, Canada continues to work with our trusted foreign partners to disrupt the activities of malicious actors, as exemplified by our participation in the US-led Dying Ember 2024 takedown of significant digital infrastructure used by Russian cyber threat actors.

We’ve seen growing concern about foreign cyber actors targeting Canada’s critical infrastructure. How serious is this threat today, and what role does CSIS play in helping protect these vital sectors?

This threat is a serious and growing concern. Like many of our allies, Canada is a target for malicious cyber actors looking to gain access to critical networks to be leveraged for information, money, sabotage, or other offensive purposes. CSIS plays a crucial role in helping protect the networks of Canada’s critical infrastructure, using its extensive intelligence-gathering apparatus to provide unique insight into the tactics, capabilities, and motivations of adversaries. For example, recently CSIS and CCCS participated in a US-led joint cybersecurity advisory calling out PRC state-sponsored malicious cyber activity targeting telecommunications companies across the globe. 

With the rise of AI-powered threats, how is CSIS preparing for this new era of cyber-enabled influence and foreign interference?

The rise of AI-powered threats has significantly increased the complexity of the broader cyber threat to Canada. CSIS continues to adapt to this reality by collaborating with academic institutions and private sector; and by leveraging its own intelligence collection to gain insight into evolving foreign actor approaches to mitigate these threats now and in the future. CSIS is also investing in the development of a workforce with expertise in AI, machine learning, and data science.  

With new authorities granted under Bill C‑70 related to cyber intelligence operations and growing public concern about surveillance, how is CSIS ensuring its activities remain transparent?

C-70 legislative changes have enabled CSIS to provide more tangible information to partners outside of the federal government, including in provincial/territorial/Indigenous governments, industry, and academia to help them better understand and recognize threats to national security, including cyber threats. The ability to do so, will in and of itself increase transparency with Canadians.

CSIS remains accountable to the government, parliament, and the Canadian public for all of its activities, and it is subject to robust oversight through a variety of mechanisms, including ministerial direction, parliamentary oversight, the Intelligence Commissioner, the Federal Court, and independent review bodies like the National Security and Intelligence Review Agency and the National Security and Intelligence Committee of Parliamentarians.

How is CSIS supporting the private sector, especially industries vulnerable to cyber espionage?

CSIS’s close collaboration with the private sector helps advance a whole-of-society approach to building resilience to the ever-growing cyber threat. CSIS has been working with Canadian businesses and business associations, including the Business Council of Canada (BCC) and the Canadian Chamber of Commerce, to provide support and enhance collaboration by sharing information to increase industry understanding of – and build resilience – against threats, including cyber threats. Another example is how CSIS regularly engages with the Canadian Security Telecommunications Advisory Committee, and the Energy Security Technical Advisory Committee.

The post Behind the Firewall: CSIS at the Frontlines of Cyber Threats appeared first on HiveInnovates.

Charles Finlay

Founding Executive Director, Rogers Cybersecure Catalyst, Toronto Metropolitan University

Every year, cybercriminals expand their reach and increase their global impact. Hundreds of billions of dollars vanish through ransom and theft of intellectual property. Power grids and hospitals are attacked, companies are targeted, and even elections are manipulated, putting democracy at risk.

In this conversation, Charles Finlay, Founding Executive Director of the Rogers Cybersecure Catalyst at Toronto Metropolitan University and a member of the Canadian Chamber’s Cyber Security Council, and Ulrike Bahr-Gedalia, Senior Director of Digital Economy, Technology, and Innovation at the Canadian Chamber of Commerce, discuss how a two-pronged approach can ensure that Canada’s cyber defences stay competitive in a geopolitically changing landscape. 

Ulrike Bahr-Gedalia: How can law enforcement agencies keep up with cybercriminals who operate without borders?

Charles Finlay: Law enforcement agencies must continue to match the cybercriminals’ agility. As arrest powers are usually limited to specific jurisdictions, agencies must advance their efforts to coordinate seamlessly across borders and share information even quicker. Their work is incredibly challenging — they have to leverage multinational enforcement platforms and legal processes to identify victims, take down sites, follow crypto payments, seize hardware and arrest suspects, all in real time.

Building a meaningful deterrent to global cybercrime takes radical multilateralism and implicit trust between dozens of agencies operating across the globe. And it takes prosecutors and judges who understand how serious cybercrime can be.

Done properly, it can work. Canadian law enforcement agencies have participated successfully in major international operations with other agencies. The 2024 LockBit takedown involved the cooperation of at least 10 nations.

Bahr-Gedalia: But international cooperation is getting more difficult, correct?

Finlay: Unfortunately, yes. The structures and relationships that make global law enforcement possible are breaking down as the U.S. withdraws from all kinds of international collaborations, such as UNESCO, Paris Climate Agreement, WHO, and others.   

The Guardian reported in June 2025 that a survey found that voters outside the U.S. are angry at those policies, and their political leaders will increasingly give them what they want, refusing to work with the U.S. and halting the sharing of information with U.S. agencies. This is a major issue. The U.S. government had been a key leader, with the reach and resources to coordinate international efforts. Our bridges are crumbling just when we need them the most.

Bahr-Gedalia: So, what should Canada do in these circumstances?

Finlay: We need a two-pronged approach.

First, we need to invest with renewed purpose in Canada’s cybersecurity capacities across both the public and private sectors. We need to upskill our cyber professionals so that they can meet new threats enabled by artificial intelligence and quantum computing. We need to help our small- and medium-sized businesses learn basic cyber hygiene so they can survive attacks. And we need to build out the cyber capabilities of our federal and provincial law enforcement agencies, which will need more resources as cybercrime surges. Everyone — governments, the private sector, the academic sector — needs to work together on this.

Second, we need to work even more closely with democratic nations that share our values. We must push strongly for joint enforcement and rapid information sharing. We need to help rebuild an international cybercrime deterrent in a more dangerous world.

To learn more about the Canadian Chamber of Commerce’s initiatives on cybersecurity, please visit: Cyber Security Council – Canadian Chamber of Commerce

The post America First Puts Cybersecurity Last. In this New World, Canada Must Evolve. appeared first on HiveInnovates.

As Canada’s first-ever Minister of Artificial Intelligence and Digital Innovation, how are you weaving trust, privacy, and digital safety into the broader AI and digital innovation agenda?

Trust has to be the foundation of Canada’s AI strategy. Canadians need to know their data is secure, their privacy is protected, and that the systems they use are built responsibly. That’s why we’re investing in sovereign data centres and secure cloud services — so Canadians can trust where their information is stored.

We also funded and launched the Canadian Artificial Intelligence Safety Institute to study the risks of advanced AI and make sure those systems earn the trust of Canadians before they’re deployed.

How is your ministry facilitating collaboration between government and the private sector to co-develop secure, responsible AI and digital technologies?

Last November, the Government of Canada launched the Canadian Artificial Intelligence Safety Institute (CAISI) with the mandate to advance scientific understanding of the risks associated with the most advanced AI systems, develop measures to reduce those risks and build trust to foster AI innovation. Yoshua Bengio, is the Chair of the Safe and Secure AI Group at CAISI and he is bringing his expertise and inside look from MILA to this collaborative group connecting academics, industry, and government.

What support are you providing to help small businesses adopt AI safely and responsibly, despite limited in-house expertise?

For small businesses, AI can feel daunting — and trust is key to adoption. That’s why we’ve invested heavily in programs that connect them with Canada’s AI talent, research, and commercialization expertise.

This is where my two roles coincide, where the Federal Economic Development Agency for Southern Ontario plays a role in helping small businesses grow. The goal is simple: give small businesses the tools and confidence they need to scale up and impact our economy.

How is your ministry helping develop a workforce that’s both technically skilled and aligned with Canada’s digital innovation priorities?

Canada’s digital future depends on people. We’re investing in skills so Canadians can not only use AI, but also question it, shape it, and deploy it responsibly. We announced AI-literacy funding to help upskill workers last week in Alberta. Our goal is a workforce that’s not just AI-ready, but trusted by Canadians to use these technologies responsibly and in line with our values.

What initiatives are you prioritizing for next year to link AI innovation with Canada’s commitment to cyber resilience and public trust?

Our focus is simple: innovation must go hand in hand with trust. We will expand Canada’s secure digital infrastructure so Canadians’ data stays protected here at home. We’ll harness the role and expertise of the AI Safety Institute so that advanced systems are tested and trusted before they reach the public. And we’ll strengthen privacy protections to give Canadians confidence that their information is safe in the digital age.

The post Securing Canada’s Digital Innovation: AI, Privacy, and Cyber Resilience appeared first on HiveInnovates.

Kristine Osgoode

Canada Market Unit Lead, Accenture Cybersecurity

With machine identities outnumbering humans and AI agents transforming workflows, identity has become the foundation of digital trust.

Identity security — once seen as back office IT — has become foundational to business resilience and innovation. The rise of machine identities, now outnumbering human ones by more than 80 to 1, combined with accelerating adoption of AI agents across enterprises, shows why identity must be treated as critical infrastructure. Accenture’s acquisition of IAMConcepts in Canada reinforces this point: identity is no longer optional — it is central to competitiveness and resilience.

The rise of machine identity & AI agents

In my 20 years in identity security, I’ve seen the field expand from passwords to biometrics to zero trust. But today, the most urgent challenge is machine identity. These are the digital credentials used by APIs, service accounts, cloud workloads, IoT devices, and increasingly AI agents.

The scale is staggering: machine identities now outnumber human identities by over 80 to 1, with nearly half holding sensitive or privileged access. In DevOps environments, that ratio can exceed 45 to 1, and many organizations expect their identity inventories to triple in the near term. Unmanaged or orphaned machine identities have already been implicated in breaches that bypass traditional controls.

Meanwhile, AI agents are rapidly entering the enterprise. By the end of 2025, 85 per cent of enterprises will deploy AI agents in at least one workflow. Early adopters report 61 per cent workflow efficiency improvements, and the AI agent market is projected to hit US$8 billion by 2025. However, 77 per cent of organizations remain without foundational AI security. These agents, while transformative, add to identity complexity: each must be securely governed to avoid becoming an invisible vulnerability.

5 Key Action Items for Identity Security

Discover and Inventory All Identities: 
Identify every human and non-human identity (NHI), including shadow IT and machine accounts. Many hold privileged access yet remain unmanaged — posing major risks.

Secure Every Identity Type: 
Build a program that addresses all identities — workforce, vendors, IT admins, DevOps, AI agents, workloads, and devices. Include end users, partners, certificates, APIs, and servers to ensure full coverage.

Foster Shared Accountability: 
Create a cross-functional team that combines internal staff with specialized external expertise. Make accountability clear across all parties to break down silos and strengthen identity protection.

Operationalize with Change Management: 
Treat identity as an ongoing program, not a project. Establish strong change management and embed monitoring, policy updates, and training into daily
operations.

Build Trust in AI: 
As AI agents proliferate, secure them with verified identities, limited privileges, and monitoring. Building trust in these systems enables safe adoption and accelerates AI-driven transformation.

Weak identity controls are no longer minor IT flaws — they are existential risks. In an era where machine identities multiply exponentially and AI agents reshape workflows, organizations that embed identity into their digital core will not only stay secure but also gain trust, resilience, and market advantage.

Accenture’s acquisition of IAMConcepts

In 2025, Accenture acquired IAMConcepts, a leading Canadian identity and access management (IAM) services provider, to expand its ability to deliver advanced identity security solutions across key industries in Canada. Since its founding in 2013, IAMConcepts has grown into one of the country’s top Identity Security services providers, serving major banks, insurance companies, higher education institutions, and critical infrastructure organizations. Recognized in the 2024 KuppingerCole North American Leadership Compass for IAM systems integrators, the firm’s local expertise and track record now complement Accenture’s global scale — bringing together global strength with a sharp local focus for Canadian clients. 

Kristine Osgoode, Accenture Cybersecurity Lead in Canada, explains, “By strengthening our Canadian IAM capabilities — spanning privileged access, identity governance, and customer IAM — Accenture is aligning with its broader secure digital core strategy and investments in AI.”  

This acquisition illustrates what Accenture highlights in its State of Cybersecurity Resilience 2025 report: building a secure and resilient digital core is not just a technical necessity but a strategic imperative.  Businesses cannot scale AI responsibly without modernized identity governance, including the management of machine identities.  Organizations that act now-adopting Zero Trust principles and embedding security into their AI-powered transformation-will be best positioned to survive and thrive.  

IAMConcepts is now part of Accenture. 

About Kristine Osgoode
Kristine Osgoode leads Accenture’s Cybersecurity business in Canada. With 30 years of experience in security, business resilience and complex transformations, Kristine is a partner who brings together the talent, ecosystem, innovation and commercial structures needed to reinvent cybersecurity, stay ahead of the threat and regulatory landscape and drive business value.

About Fahad Kabir
Fahad Kabir is the Canadian Leader for Accenture’s Identity Security practice, where he helps organizations strengthen their digital core and manage complex identity challenges. He previously served as the CEO of IAMConcepts Security Solutions Inc., a cybersecurity professional services firm specializing in digital identity and access management, which was acquired by Accenture in 2025.

With over 20 years of experience leading consulting organizations and global systems integrators, Fahad has built a reputation as a visionary in cybersecurity. He has spoken at global conferences on topics such as the future of Identity & Access Management, cyber threats in financial services, and enterprise security program management, and is a published contributor to several industry publications. Under his leadership, IAMConcepts became one of the largest and most respected identity-focused professional services firms worldwide.

Explore how this combined expertise is shaping the future of identity security in Canada by visiting accenture.com/security.

The post Why Machine Identity Is Now Critical Business Infrastructure appeared first on HiveInnovates.

Alex Longval

Marketing and Community Director, Bluink

Identity verification solutions are essential for preventing online fraud, but not all solutions are created equally.

Online fraud is exploding. Digital services are convenient but risky, with fraud in real estate, tax returns, benefits, and banking, causing millions in losses and stress for citizens. Identity verification tools are essential, but many providers store or ship personal data outside Canada, creating privacy risks.

Bluink is a Canadian-built, privacy-first identity verification alternative. It offers fast, remote verification and doesn’t retain personal information, making it a top choice for Canadian businesses and government organizations eager to protect their organization’s security and their clients’ privacy.

Mediaplanet spoke with Bluink CEO Steve Borza and Marketing and Community Director Alex Longval to learn why identity verification is so critical and how Bluink’s eID-Me is helping protect Canadians.

Why is identity verification such a pressing issue for Canadian organizations today?

Steve Borza: COVID brought many traditionally face-to-face processes online, resulting in an explosion of fraud, from people having their houses stolen, to benefits fraud, to car leasing fraud. It costs millions to the Canadian economy and can be very distressing to individuals who are victims of identity theft. Being able to strongly verify identities online makes society safer and services more efficient, by allowing secure digital transformations, versus requiring in person service delivery.

Alex Longval: As businesses make more services available online, fraudsters follow. You have to counteract that with secure identity verification, and that’s what we provide.

What makes Bluink’s eID-Me app different from other ID verification solutions on the market?

SB: Our mantra is processing Canadians’ information in Canadian data centres. Your personal information never leaves Canada when verified by Bluink. 

AL: We build and develop all of our ID verification technology in-house, so we control the process end to end. Nothing is outsourced.

SB: We comply with Canadian privacy laws. Once we verify you, we delete all your information. You’re the only one in control of your personal information, in an eID-Me digital wallet, on your phone, and it’s up to you when and with whom to share it. 

Some competitors retain selfies and ID photos to build databases of so-called “bad actors.” That’s highly problematic. We don’t want to be anywhere near that kind of operating structure. 

Our service also provides a mobile driver’s licence for added convenience.

How can businesses and governments benefit from adopting eID-Me? 

SB: There are so many ways. We provide identity verification for Canada Post to strengthen consumer digital experiences. In the real estate market, our verification system caught a fraudulent $1 million transaction. That was a significant win in stopping identity theft and fraud. One of our larger financial services clients has basically seen no known fraud since they implemented us. We can’t do better than that for eliminating fraud.

AL: We’ve got strong fraud prevention, fraud detection, and security and privacy measures. That’s why the largest title insurer in Canada uses Bluink identity verification to build their clients’ trust and detect fraud.

Learn more at bluink.ca/eid-me/solutions/id-verification.

The post The ID Verification Solution Canadian Businesses and Governments Trust  appeared first on HiveInnovates.

Cybersecurity, AI, and quantum computing are converging, and Waterloo Region is emerging as Canada’s trusted hub for innovation.

Every digital system in the world is about to be tested.

Cybersecurity threats are multiplying. AI is evolving faster than most organizations can keep up. And quantum computing will eventually render today’s encryption useless.

Individually, each of these forces is powerful. Together, they form a trifecta that will change every major industry, from banking and health care to defence and manufacturing.

The stakes are high. These technologies are double-edged swords. AI can detect attacks, but it can also be used to launch them. Quantum computers will break security codes, but quantum cryptography will be the solution.

In this new reality, trust is the infrastructure. And Waterloo Region is where Canada is building it.

Why Waterloo Region

Waterloo Region has spent decades building a foundation of trust, and that experience is now shaping the technologies of the future.

Companies such as BlackBerry, eSentire, and 1Password put Waterloo Region on the map as a centre for cybersecurity. Their legacy of protecting data and systems continues to influence a new generation of startups developing AI applications.

At the same time, Waterloo Region has earned its global reputation as “Quantum Valley.” More than 300 researchers are advancing the field here, supported by two world-renowned institutes — the Perimeter Institute for Theoretical Physics and the Institute for Quantum Computing at the University of Waterloo. Over $1.5 billion has been invested in the ecosystem, and Canada’s $360-million National Quantum Strategy was announced here.

What ties it all together is community collaboration. The University of Waterloo’s Cybersecurity and Privacy Institute, the Perimeter Institute, Quantum Valley Investments, and the University of Waterloo’s Data and Artificial Intelligence Institute create a full pipeline from research to talent to commercialization. An Innovation Arena, the new home of Velocity, the University of Waterloo’s startup incubator, opened its doors last year.

The ultimate proving ground for trust

Every industry will feel the impact of cybersecurity, AI, and quantum computing. Banks will need to protect financial systems. Hospitals will need AI tools that doctors can rely on in critical moments. Manufacturers, utilities, and transportation systems will need digital backends that are resilient against attacks.

The strongest test of trust comes in national defence. Decisions must be explainable and reliable, and the systems must hold up when the pressure is highest. The cost of failure is measured in lives.

That’s why NORAD and the United States Northern Command chose to visit Waterloo Region this year, meeting with 17 startups working on dual-use technologies in ethical AI, robotics, flight systems, and cyber resilience. The delegation had just come from leading AI firms in Silicon Valley, and chose Waterloo Region as its only Canadian stop to see firsthand the innovation happening on this side of the border.

For the innovation hub Communitech, it was also a return visit. Years ago, the same delegation had toured the Communitech Hub as part of a Royal Canadian Air Force delegation. That initial connection led to the creation of an innovation lab for defence-focused startups, which ran for many years inside Communitech. The fact that they chose to return shows that Waterloo Region has earned a reputation as a trusted hub where innovation is not only cutting-edge but also built with responsibility and deployment in mind.

Building tomorrow’s trust today

The digital world is evolving to the extent that cybersecurity, AI, and quantum cannot be adopted without consideration of each other. They are converging into the foundation of digital trust and sovereignty. To stay ahead, businesses need to embed cybersecurity into every layer, ensure AI is explainable and auditable, and prepare for the disruption that quantum computing will bring.

This isn’t only about keeping pace with technology. It’s about earning and protecting trust and maintaining sovereignty in an increasingly uncertain world. And Waterloo Region is becoming a proving ground where companies can build, test, and scale the secure systems the world will rely on.

If you’re looking for a trusted community where you can explore AI adoption, quantum readiness, or cybersecurity resilience, Waterloo Region has the talent, partners, and infrastructure to help you succeed and stay ahead.

Visit communitech.ca to learn more.

The post Trust in a Digital World: Why Waterloo Region Is the Place to Be appeared first on HiveInnovates.

As cyber threats escalate worldwide, Canadian experts are pioneering research, partnerships, and training to protect our digital future.

“Cybersecurity is not simply an IT problem,” says Ali Ghorbani, a Tier 1 Canada Research Chair in Cybersecurity, Professor in the Faculty of Computer Science at the University of New Brunswick (UNB), and Director of the Canadian Institute for Cybersecurity (CIC) at UNB. “Cybersecurity is everyone’s problem. It’s a personal problem. It affects our very private information that we dearly want to protect, and it affects the health and safety of individuals. It’s a business problem, it’s a government problem, and it affects the critical infrastructures that we all depend on. It affects the international relationships between countries.”

Cybersecurity is so broad-reaching it can be hard to quantify.

“Canada’s vital sectors, including health care, energy, finance, education, and retail, are prime targets for cyberattacks,” says Ghorbani. “These industries hold large amounts of sensitive data, provide essential services, and form the backbone of the country’s economy and security.”

Ghorbani adds that their interconnectedness and dependence on digital infrastructure make them especially vulnerable to advanced cyber threats, ranging from ransomware and data breaches to supply-chain attacks and state-sponsored operations.

The cost of cyberattacks

The financial impacts of cyberattacks can be devastating.

In 2024, Canadian organizations faced an average cost of $6.32 million per data breach, with the financial sector experiencing even higher losses, averaging $9.28 million per incident.

These costs extend beyond financial loss, often causing major reputational damage and eroding trust and goodwill, which in many cases have been built over years or even decades. 

“Businesses need to be as concerned with their cybersecurity as they are their financial bottom line,” says Ghorbani. “It’s the same as leaving your house and locking the door. Ask yourself, am I protecting the company? Am I saving the operation?”

He stresses that companies and individuals alike must invest in cyber awareness and education, learning to understand the risks and working diligently to protect against them.

A national hub for innovation and partnerships

UNB’s work in cybersecurity dates back 25 years, beginning with the Information Security Centre of Excellence, and now the CIC. In that time, Ghorbani and his colleagues have nurtured partnerships with government and industry and have worked together to pioneer solutions to the most pressing issues in cybersecurity.

The CIC was the first cybersecurity institute in the country. A world leader in cybersecurity research and development, its efforts also include training, awareness, professional development, and supporting entrepreneurship.

“CIC is unique in the way it partners with industry,” says Ghorbani. “We have a membership-based program where companies of all sizes have access to our world-class researchers. We provide consulting and assessment, and together we develop solutions, including software and new technologies that ultimately protect these companies from attack.”

Seven global corporations are part of CIC’s membership, including Mastercard, Siemens Canada, and Scotiabank.

Collaboration at the national level

In partnership with the National Research Council Canada, CIC established the CIC-NRC Cybersecurity Collaboration Consortium, where researchers work in collaboration to develop cybersecurity solutions and provide training opportunities for UNB-based graduate students and early-career researchers.

Most recently, CIC, with funding support from Public Safety Canada, established a Cyber Attribution Data Centre at UNB to advance national cybersecurity. Along with four other Canadian universities, the CIC also established the National Cybersecurity Consortium, which has received nearly $80 million in funding for cybersecurity research, development, innovation, commercialization, and training.

CIC also offers training programs, short- and long-term academic degrees, and short-term certificates, training Canada’s next generation of highly skilled cybersecurity professionals.

Educating the next generation has become more important than ever — according to a recent National Cybersecurity Network report, Canada is short 10,000 to 25,000 cybersecurity professionals. Those numbers are set to rise. 

Keeping peace in cyberspace

The cybersecurity industry is projected to grow from US$14.38 billion in 2025 to US$24.23 billion in 2030.

“AI is transforming cybersecurity by enabling faster and more accurate detection, prediction, and prevention of threats,” Ghorbani says. “At the same time, it introduces substantial new challenges that researchers must address and solve to ensure secure and trustworthy systems.”

We’re living in a new environment. “Society has moved to the cyber world,” says Ghorbani. “Wars will be fought in the cyber world and espionage will take place in the cyber world. It’s an environment that requires its own policy, practices, solutions, locks, and policing.”

Ghorbani sees Canada’s leadership in cybersecurity as an extension of its national identity. “Canada has always been a peacekeeping country,” he says. “With the right investment and support, we have the capacity to be a leading exporter of know-how solutions for keeping peace in cyberspace.”

Learn more about the Canadian Institute for Cybersecurity (CIC) at UNB.

The post How Canadian Leadership Is Shaping the Next Era of Cybersecurity appeared first on HiveInnovates.

It has never been more important for Canadian businesses to understand the risks of cyberattacks and how to mitigate them.

Cyberattacks on Canadian businesses are on the rise, so much so that it’s not a question of if, but rather when a business will be hit. It can cost impacted companies millions of dollars, not to mention reputational damage. This is why understanding the risk and tapping into the right expertise to help identify mitigation strategies in advance is critically important. We spoke to Jason Grimbeek, CEO of Iron Spear, a Canadian-owned full-service cybersecurity company, for his assessment of what executives need to do to protect their businesses.

How big of a problem is cybercrime?

It’s a huge issue, and with advances in artificial intelligence (AI) and ever-evolving technology, it’s becoming even more of a problem. The sophistication of phishing schemes and AI-driven deepfake criminal activity creates security complexities for organizations.

Are Canadian businesses a target for cybercriminals?

Yes. Our integration into the North American supply chain makes us a prime target. Cyber ransom — where criminals steal data or intellectual property and demand payment — is on the rise. Many businesses underestimate their exposure because of Canada’s size, but that’s a mistake.

What should businesses consider when it comes to cybersecurity?

There’s more to it than just defence and offensive testing for vulnerabilities. Executives need to lead the charge by prioritizing cyber governance, policy development, and cyber maturity — understanding where the organization stands and where it needs to be. Leadership must drive a culture of cybersecurity.

How cybersecurity-ready are Canadian businesses?

We’re lagging our European and U.S. counterparts because the Canadian government has been slow to introduce cybersecurity regulatory controls. Despite this, businesses need to be proactive and shore up their systems.

What is something more organizations can do to protect themselves?

Cyber resilience is becoming a big focus. Successful organizations are the ones that develop business continuity and disaster response plans. People often struggle with business recovery following a cyberattack because they underestimate the cost of lost productivity until they’re hit.

What is the Iron Spear advantage?

We’re technology independent, which gives us an unbiased view. We work as partners, not vendors. Our team of 25 consultants across Canada brings over a decade of experience. We focus on understanding each business and identifying strategies to mitigate risk.

Learn how Iron Spear can help protect your business at ironspear.ca.

The post How Businesses Can Get Ahead of Cybercriminals and Stay Protected  appeared first on HiveInnovates.

In a landscape of ever-evolving cyber threats, Canadian Cyber Threat Exchange is facilitating the collaboration organizations need to stay secure.

Cyber threats aren’t what they used to be. “Cybercrime today is a full-on business,” says Jennifer Quaid, Executive Director of the Canadian Cyber Threat Exchange (CCTX), a member-based not-for-profit. “It comes with a help desk and reviews. Cybercriminals can rent or buy ransomware tools rather than building them. The barriers to entry to becoming a cybercriminal are almost non-existent now.”

Any guardrails one might expect in a legitimate business — for example, companies restricting how AI and LLM systems access certain types of data do not exist in this the cyber criminal environment, according to Quaid. “AI has enabled cybercriminals to do more, faster,  better,” she says. “They’re not operating with any rules.”

From ransomware as a service to AI-turbocharged tactics, cyber attacks have become more sophisticated, more plentiful, and far riskier. “Ransomware is hitting at an alarming rate,” says Quaid. “It’s getting exponentially faster. And AI is making phishing attacks so good that we can no longer rely on the grammar and spelling mistakes to identify a fake or malicious email. As well, impersonation and deep fakes have become a more common issue thanks to AI. 

Against such a challenging backdrop, no single organization can defend themselves alone.

Collaboration is the only way that we’re going to level the playing field with the threat actors.

Embracing collaboration

Today’s cyber resilience needs to have collaboration at its core. “Collaboration is the only way that we’re going to level the playing field with the threat actors,” says Quaid. “It’s a force multiplier for any organization.”

Collaboration plays a critical role in addressing the evolving and persistent nature of cyber threats, and Quaid emphasizes that a cross-sectoral lens is equally important. “Cyber attacks nowadays are sector-agnostic,” she says. “If an attack worked in health care, it’s going to work in education, manufacturing and construction, too. If you’re only talking to organizations in your sector, you may not benefit from advanced knowledge of the attack vector and mitigation strategies.”

Building resilience and security is an imperative for organizations of all sizes. Large organizations are not the only ones being targeted by cybercrime. Small- and medium-sized businesses are increasingly being targeted, the payouts are smaller but less risky and usually easier for the attacker. 

The benefits of membership   

The CCTX has been enabling cross-sectoral collaboration for 10 years, and encourages member companies of all sizes, sectors, and levels of cyber preparedness to participate in its weekly threat calls and specialized collaboration groups.

“We have more than 200 member companies across 13 sectors,” says Quaid. “Our weekly threat calls typically have 60 to 80 organizations joining, and that’s where meaningful collaboration happens because people build trust.” 

The CCTX is constantly evolving to meet its members’ needs in the face of an ever-shifting cybercrime landscape. “While our vision 10 years ago was a technical portal, today the most meaningful exchanges happen live, human to human,” adds Quaid.

Visit cctx.ca to learn more.

The post Collaboration Helps Canadian Organizations Stay Cyber-Resilient appeared first on HiveInnovates.