Cybersecurity is a hot topic given the sustained increase in cyber-attacks and the ongoing arms race between bad actors and the “good guys”. Are there any emerging issues that deserve to be talked about that aren’t getting mainstream attention? 

One issue that is not receiving enough attention is that of cyberattacks evolving from being performed by humans against other humans through the use of technology, to computers attacking computers, with little human involvement. Another important AI and cybersecurity concern is that AI systems can be hacked by feeding them bad data from which to learn – the systems themselves do not need to be compromised to render them impotent or worse.

How can we ensure these systems and technologies remain unbiased if they are written by people and therefore inherently contain their implicit biases?

There are 2 separate issues:

The first is to prevent the AI from making incorrect observations and decisions because it suffers from a lack of complete data, or biased data, for the matters which it is supposed to address. Ensuring that systems are created and tested by diverse teams, as well as that during learning phases systems are fed sufficiently diverse data, can help address such concerns.

The second issue is that AIs may make decisions that society views as inappropriately biased, but which the AI considers being both correct and integral to achieving maximum performance. Addressing such “bias” is a complex ethical matter.

Is it simple enough to say diverse teams can negate the biases spoken about above?

Diversity is not just a matter of gender, race, religion, etc. – depending on the system, it may also be a matter of diversity of opinions, styles of dress, languages spoken, hair color, weight, etc. Because each person is unique in countless ways, there is no possible way to achieve a perfect level of diversity when it comes to people. 

Are you at all concerned about AI making decisions that affect people? Why or why not?

Yes. There need to be checks and balances. There was a situation not that long ago in which an African American man was arrested and falsely accused of a crime based on a faulty facial recognition system identification match. While identification technologies are amazing tools that can help keep criminals off the street – the decision to arrest someone based solely on the AI system’s recommendation was highly inappropriate and perhaps even illegal; tools have to be used properly, and without undermining civil rights.

Within the broader context of cybersecurity and ethics, is there any controversy around implied and expected responses to cyber-attacks powered by AI? 

One of the questions that keep surfacing is whether or not we should allow parties who are under attack to “hack back” – while that has been an issue in our present human vs human era, it will become a much more high profile ethical and legal issue as AIs take over both offensive and defensive cybersecurity roles.

The post Q&A with Joseph Steinberg appeared first on HiveInnovates.

The cybersecurity field is growing at an incredible rate, but it remains quite young as an industry and science. As the cybersecurity industry exits its adolescence and matures into the robust and comprehensive discipline we need it to be, it must grapple with fundamental questions about what security even means in today’s digital world.

Redefining cybersecurity with David Shipley

There are a lot of voices clamouring to be heard in the dialogue that’s shaping the future of cybersecurity. But in such a rapidly-moving field with such high stakes, the most effective ideas quickly rise to the top, even if they’re unorthodox or of unexpected origin. New Brunswick’s Beauceron Security has secured a well-deserved seat at the forefront of this discussion, and CEO David Shipley is championing a decidedly human approach to digital security.

“I’m an accidental cybersecurity professional,” says Shipley. “This was not my plan. I’ve been a soldier, a newspaper reporter, and a marketer for the University of New Brunswick. When the university was attacked by a hacktivist group, I was the one who realized it, and I used my skills to help with the incident response. As a result of that, the CIO asked me to help lead the university’s cybersecurity defence. What I found there, dealing with hundreds of different incidents every year, was that the root vulnerability behind cyberattacks was rarely, if ever, technology. It was always traced back to people, process, and culture. So, I began thinking about the human side of cyber.”

And so Beauceron Security was born, with a mandate to take this idea of people and culture as the foundation of cybersecurity and turn it into something practical, applicable, and measurable.

Empowered people are secure people, a conversation with Ian MacMillan

“I had experience working at IBM on their flagship enterprise security software, and it was exciting to have the opportunity to build something like that from the ground up with a new human-focused strategy,” says Beauceron Co-Founder and Chief Evangelist Ian MacMillan. “We saw an opportunity to empower individuals, not as a liability that you have to protect, but as an asset to protect organizations. By encouraging people to do their part, we actually see a shift where employees don’t just assume that it’s someone else’s problem, and they now have the tools to act when they find a security concern. The byproduct is that the organization is more secure.”

In short, the Beauceron philosophy represents a seismic shift in how to approach the long-recognized human factor in security. If human behaviour is the most significant vulnerability, you can work to lock that down, and remove it from the equation, but that has never worked. What if, instead, you work on turning the same qualities that make people vulnerable into a key component of security resilience?

Putting bold ideas to the test: Measurable results in the security marketplace

In a recent white paper, Beauceron Security emphasized the quantitative successes they’ve seen relative to its competitors in the field of anti-phishing security. At the heart of the initiative is the Beauceron Platform, which actively motivates employees to engage with security and rewards them for doing so through positive feedback and gamification focused on critical behaviour metrics too often overlooked.

“We know that anti-phishing programs are effective and that we can use them to decrease click rates,” explains Beauceron Data Scientist Nicole Bendrich. “But it’s also important to recognize that click rates aren’t the only metric we should be measuring. It’s very easy to get a false sense of security from a low click rate. That’s why we also include metrics like the ignore rate, which the report rate that aren’t necessarily discussed as often but that are really important because they actually show behaviour.”

With phishing attacks, as with all types of cyberattacks, technology can go a long way to securing the defences. But, with an ever-growing volume of attacks, some percentage will always get through. And it’s exactly the ones that get past the AI that a well-trained and engaged human is best-equipped to recognize and address — If they’re not too scared to do so. “Our goal is to put people in control of technology, empower them to be in control of technology,” says Bendrich. “Sometimes users are just not willing to interact with anything at all because they’re afraid of making a mistake. Rather than not engaging at all, we want them to be able to identify if something is a phishing attack, or if it’s spam, or if it’s an email. Then they can move through the world a little bit less scared and more in control.”

When users are well-trained and steeped in a cybersecurity culture that values engagement and active reporting of attacks, they become less timid, and more vigilant, and they take pride in their own contribution to security. The psychological and emotional character of security is transformed from a weakness into a strength.

“There’s a reason why we chose to name our company and our technology after a sheepdog,” says Shipley. “The idea is to turn people from the passive victims of cybercrime, the sheep, into the active defenders, the sheepdogs. It’s not humans as the last line of defence after technology has failed, but as the first and best, with technology playing a supporting role.”

The post When Cybersecurity Technology Fails, Will the Human Element Hold Strong? appeared first on HiveInnovates.

Q&A with Robert Herjavec

Robert Herjavec, CEO of the Herjavec Group spoke to Mediaplanet Canada to celebrate National Cybersecurity Awareness Month.

Read more »

Who Protects the Cloud? And Why Your Business Should Care

Is your company prepared for the cybersecurity risks that come with remote work? Learn how to protect your company and how Trend Micro can help.

Read more »

Can Canada Be a Global Cybersecurity Leader?

Securing Canada’s digital infrastructure has never been more critical.

Read more »

Future-Proofing Cybersecurity Using Quantum Technology

In the era of quantum computing, complexity isn’t enough. We need true randomness.

Read more »

Why Canadian Businesses Need to Beware of Cybercriminals

It’s hard to read the news without noticing the increase in cybercrime. However many ransomware incidents can be mitigated with simple cyber security best practices.

Read more »

The Secret to Cybersecurity Is Open Collaboration

In today’s online world, safety and security are digital concerns. Cybersecurity is a fast-moving field, and Canada can’t afford to fall behind.

Read more »

Women in Cyber: How Deloitte Is Working to Fix the Diversity Gap

Learn how Deloitte’s Women in Cyber campaign is building a community of women cyber professionals to help cultivate more diversity in an industry with millions of open jobs.

Read more »

XDR Cybersecurity Solutions Emerge to Give Enterprises a Lead in the Race Against Threats

In the never-ending churn of cybercrime escalation and cybersecurity products, one security firm is innovating to win the race against threats.

Read more »

Optiv Helping Companies of All Sizes Boost Their Cybersecurity

Most companies know the importance of cybersecurity but can’t find the skilled resources to help. Meet Optiv — the cyber advisory and solutions leader.

Read more »

Game On! Fun New Cybersecurity League Gives Canadian Kids Real-World Skills

CYWARIA League North, the country’s first fully gamified cybersecurity challenge, launched this fall for Canadian students in grades 11 and 12.

Read more »

Cybersecurity Is a Team Sport: Meet Canada’s Head Coach

The Canadian tech skills marketplace is changing. There’s a lot of opportunity, but with innovation proceeding at a dizzying rate across all industries, workers and employers alike need help hitting a moving target.

Read more »

Cybercrime Is Scary, but a Strong Offence Is the Best Defence

Being proactive and people-focused is the most effective protection against online attacks, a leading expert says.

Read more »

What SOC and Security Teams Want to Know About Digital Transformation

With rapidly evolving technologies and work models, digital transformation poses complex challenges for your cybersecurity infrastructure.

Read more »

When Cybersecurity Technology Fails, Will the Human Element Hold Strong?

In the cybersecurity industry, you are only ever as strong as your weakest link. The human element is often seen as the key vulnerability, but one security firm is redefining people as a strength rather than a liability.

Read more »

What Is Cyber Insurance and Why You Need It

As one thinks about the impact and costs of a data breach within their organization, it can be more expansive than most initial estimates.

Read more »

Q&A with Chloe Messdaghi – CyberSec Tech Changemaker

Mediaplanet spoke with Chloe Messdaghi, a tech changemaker in the cybersecurity field. She discusses what it takes to make it in the industry.

Read more »

It Takes Vigilance — and a Village — to Fight Fraud

Isolation may impact our defences against fraud. As the pandemic persists — and as we face colder weather and shorter days — many Canadians will spend more time alone and could become more vulnerable to fraud.

Read more »

Q&A with Joseph Steinberg

One issue that is not receiving enough attention is that of cyberattacks evolving from being performed by humans against other humans through the use of technology, to computers attacking computers.

Read more »

The post Cybersecurity appeared first on HiveInnovates.

What does it mean to be a tech changemaker in the cybersecurity field?

Essentially, being a changemaker is being someone who can’t sleep at night if they know there’s an issue that needs to be fixed. So for me, being a changemaker is working with organizations and executive teams to improve their organizations or the ways they execute things. A big area I’m working on is an organization that I co-founded – “Hacking is NOT a Crime”. Here, we work to push for hacker rights and try to change public perception of the hacker community. We work to get organizations to have vulnerability disclosure policies, and for legislation to be updated as most of it was created in the 80s and hasn’t been touched since. Finally, I advocate and take actions for marginalized genders in security and tech through We Open Tech. We Open Tech is an open community of folks who support one another to support all marginalized genders to obtain any position and title while working in security and tech.

You mentioned that you’re working to advocate for hacker rights. Can you provide more information on this?

The majority of the public doesn’t know that there are two distinct groups – hackers and attackers. Hackers are really just security researchers, but they’ve been labeled as attackers by the media, legislation, and companies. Public perception is that they’re the same thing, but in reality, they use the same skill sets but hackers respect boundaries. Attackers focus entirely on malicious gain.

You believe that information security is a humanitarian issue – can you provide more detail?

Before I went into infosec, I was doing work for tech startups and non-profits in management consulting. I realized quickly that in this role, you really never stop learning.

Right upon starting, I realized that all these conversations are about privacy protection, data, data rights, but also about your security. And I start recognizing at the very beginning of my career in security that non-profits are especially targeted. It’s usually easier, as they don’t have a security team. They’re much more likely to have one person that does IT and does it all. And the problem is that when there’s a breach, and donor information gets out publicly, it makes donors not want to give again. When you don’t have funds as a non-profit, you can’t meet the mission’s goals. When I saw this coming up, I got really concerned about non-profits because we don’t talk about security. We’re more worried about the people that we’re serving, and making sure that we’re completing our mission. This was the eye-opening moment when I realized that this is a humanitarian issue – because there are non-profits that can’t feed people that are starving, or provide medical attention if there’s a shut-down of their services. These are really real, humanitarian issues. This is why I see security as a humanitarian issue.

What do you see as the future of cybersecurity and information security?

These are all things that I hope will happen!

First – I want the representation of marginalized persons throughout organizations. This means C-level and in-board positions. Right now, we’re less than 20% of underrepresented persons, and we want to get it to 50% if we want this. We truly need representation at the top. If we don’t get it at the top, we aren’t going to see it trickled down.

Secondly – burnout. I want every organization in our entire industry in infosec to recognize that we have a problem with burnout. We run on 24/7, round the clock, we never know when we’ll be called and we’re at the edge of our seat. We look at burnout and start having that work-life balance, and everyone is aware that we have to do that.

The last thing – gatekeeping. Gatekeeping is such a huge problem in tech in general, but especially in infosec. Various different groups in the hacking community won’t let someone else join because of background. When it comes to employment, they’re looking for certain years of experience. And so even if the person can do the job, they don’t get it – and that’s gatekeeping.

The post Q&A with Chloe Messdaghi – CyberSec Tech Changemaker appeared first on HiveInnovates.

This National Cybersecurity Awareness Mo­­nth, what message do you have for fellow business leaders?

If I can emphasize one thing it’s that cybersecurity isn’t a luxury, it’s a necessity.

I went on the record saying that 2021 will be the most profound year in cybersecurity in our global history, and it’s no secret that the challenges we’ve faced in the cybersecurity community so far this year have been unprecedented and demanding. While we’ve seen a huge shift over the past year in prioritizing cybersecurity within corporations and even at the federal level of government, we’re still not where we need to be.

I’ve got a question for business leaders – if you’re not investing in a Managed Security Services Provider, a team that’s solely dedicated to the day-to-day defence of your infrastructure, why aren’t you? An investment in cybersecurity is an investment in your employees, your customers, and your company’s reputation.

Today, cybersecurity isn’t just a way to protect and prepare an organization for a potential threat, it’s one of the best business drivers an enterprise can have in its arsenal.

Should the everyday individual be concerned with the topic of cybersecurity?

Absolutely, and I mean every individual. It’s been wild to see the digital transformations happening across all industries over the past few years but think about the progressions when it comes to social media. I mean, we’ve got Gen Z-ers making millions on social platforms like TikTok and Instagram – think what would happen to their self-created businesses if something were to happen to their accounts.

Enterprises and organizations are not the only ones at risk when it comes to cyber-attacks, and that’s a mentality we need to emphasize. A lot of people say, “Why me? I’m just an everyday person. What would a hacker want from me?” Hackers don’t discriminate. They don’t care if you’re a 16-year-old on TikTok, a small local mom-and-pop shop, or a multi-million-dollar enterprise, if you’re online, you’re at risk of being targeted.

Education on good cyber hygiene and safe internet practices need to be prioritized at home, in schools, and in corporations of all sectors and sizes. Just like you previously mentioned, October is Cybersecurity Awareness Month, and at Herjavec Group it’s our goal to provide everyone with resources, tips, and training on how we can all do our part to be cyber smart!

 As our ecosystems continue to accelerate their digital and cloud transformations, what steps can government take to ensure we improve security outcomes?

Innovative, modernized, resilient, agile, and citizen-centered transformations are what governments need to focus on. We must break away from outdated methods and perspectives – especially in government sectors. Cybersecurity is constantly evolving, and it’s imperative we evolve with it. The same way you can’t try to make old business models work in conjunction with new technology, archaic methods of cybersecurity won’t cut it when defending against modern threats.

When it comes to digital transformations, cloud computing is going to be huge over the next few years, and for most, this is a fairly new concept to grasp – it’s complex and the vulnerabilities and threats vary depending on the specific needs and uses of each organization and individual. Therefore, hiring top industry talent is a crucial step that governments need to be taking.

Over the course of the past year, it’s been great to see governments putting more resources into cybersecurity, because like I mentioned, it’s not a luxury, it’s a necessity! Governments need to tap into external ecosystems to support their digital transformation needs by working with the private sector and cybersecurity firms.

With the rise in nation state and ransomware attacks, we’ve seen throughout the course of the pandemic, there’s too much on the line. The best way to protect our citizens, our data, and our nation is to modernize our cybersecurity approaches and build a more resilient, scalable, and secure infrastructure.

Cybersecurity is often seen in terms of the cost of mitigation. How is this perception changing and how can businesses leverage cybersecurity as a primary business driver?

A resilient cyber-defence system is an expectation from a customer standpoint in every industry, and it should be from a business standpoint as well. When it comes to business, it’s all about the customer. It’s your job to build that trust and ensure your customers feel secure. If there’s a choice between a company with a resilient cyber-defence program and one without, who do you think the customer is going to go with? The worst time to decide how to handle any kind of cyber-attack is after it’s happened, so you need to make sure your customers know they’re in good hands if something happens and their personal data is on the line.

The perception of cybersecurity as a business driver is changing in a positive way, but we need to continue to drive that home. You should always be thinking about what you can do to build trust with your customers. So, not only should you deploy a cyber-defence program within your business, but you should also educate your customers on exactly what having a resilient cyber-defence program means:

Transparency is key. A lot of people may not know exactly how cybersecurity works and what can happen if there isn’t a secure structure in place. Cybersecurity isn’t just an IT problem, it’s something that everyone needs to care about, and as a business leader, it’s your job to drive that home and sell it.

18 years on from the founding of the Herjavec Group, what has your extensive journey to the top of the cybersecurity and entrepreneurship worlds taught you? 

When it comes to cybersecurity, I’ve learned that the only thing that stays the same is constant change. Change in environment, threat landscape, technology, threat actors, solutions – you name it. We must always be looking for what’s next and continue to scale to the needs and demands of our customers and environment. Successful cybersecurity will always require a method that balances an innovative, cutting-edge approach with data-driven, proven best practices.

When it comes to entrepreneurship – dream big, and once you’ve done that, dream bigger. But also know that dreaming alone isn’t enough. Be willing to put in the work to make those big dreams a reality. If you know me, you know I love cars and I love golf, but give me a free afternoon and I’d rather work than race cars, play golf, or do anything else.

I mean look at those numbers. It’s been 18 years of persistent hard work, sacrifice, and dedication to get Herjavec Group to where it is today – it doesn’t happen overnight. But if you’re willing to put in 120% day in and day out, there’s no limit to what you can accomplish.

 In the ‘State of Ransomware 2021’ report, the average cost of recovery associated with a ransomware attack in 2021 has nearly doubled since last year. Why do you think ransomware attacks have become more targeted and sophisticated?

In simple terms, ransomware attacks have become more targeted and sophisticated because the events of the past 18 months have combined to create the perfect cyber threat storm. Cyber criminals aren’t dumb. They’re motivated by money and can see a predatory opportunity when it presents itself. Unfortunately, ransomware is both a lucrative business for skilled hackers and the perfect malware to take advantage of situations like the pandemic and the rapid digital transformation that most enterprises and individuals experienced. As technology continues to become more advanced, so do hacker’s methods of attack.

The pandemic has opened doors for hackers – they take advantage of vulnerable situations like COVID-19. With so many of us working remotely, we don’t have the same protections we once did in an office building. We’ve seen a transition of larger scale, more generic automated attacks to more personalized, hands-on targeted attacks. Take phishing emails for example – all it takes is clicking on a link or an attachment for your data to be compromised. Simple yet sophisticated methods like this take advantage of the fear surrounding the pandemic and the growing attack surface due to remote work environments. As a result, the frequency and cost of ransomware attacks have skyrocketed.

For businesses concerned about the destructive potential of ransomware attacks, what do you suggest is the best response to active incidents and their prevention in future?

A huge misconception when it comes to cybersecurity is that having a resilient cyber-defence program and team in place will eliminate any risk of a breach occurring. The truth is, there is no such thing as a perfect cybersecurity program. This is to say that even with the most resilient program in place, there is still a risk of a breach. What differentiates a truly comprehensive cybersecurity program is not only its ability to prevent an attack, but how quickly it is able to detect, respond to, and remediate a successful attack. Like I said before, you can’t figure out your strategy on how to handle an attack after it’s already happened, you have to be prepared 24 hours a day, seven days a week, 365 days a year.

When it comes to cybersecurity, humans need to be trained. I always say individuals can either be your greatest first line of defense or your weakest link. Business leaders need to make sure their teams are properly educated so every person on their team at every level of the organization practices good cyber hygiene and knows how to identify and deal with a potential breach. Employ awareness training for your teams at least a couple of times a year. Make sure your employees know how to spot a “phishing” email and other malicious activity. And implement companywide policies and processes so everyone knows exactly what to do if they experience a breach. From an individual standpoint, it’s important to stay on top of mundane tasks. Run regular data backups and antivirus scans on your devices, make sure you’ve got multifactor authentication set up on all platforms you have access to, update your passwords regularly, and always be on high alert.

When it comes to links and attachments in emails, ask yourself a few key questions before engaging:

The more prepared each of us is, the more protected we will be.

The post Q&A with Robert Herjavec appeared first on HiveInnovates.

As one thinks about the impact and costs of a data breach within their organization, it can be more expansive than most initial estimates. It goes beyond repairing databases and other infrastructure or taking steps to remediate and fortify an organization’s security posture. For many sectors of the economy, there are regulatory and public opinion implications that may be significantly more difficult to fix or address. If there is a financial loss due to a data breach/ransomware attack, traditional insurance coverage likely will not provide appropriate financial reparations.

What coverage does cyber insurance provide? 

Regardless of the legal and regulatory requirements, organizations have an obligation to keep their customer data protected. In the case of Protected Health Information (PHI) & Personally Identifiable Information (PII)), companies may face potential liability if the information is exposed in a data breach. A cyber-insurance policy will generally protect companies against liabilities and will reimburse for expenses related to a data breach (may include: legal costs, a digital forensics investigation /Incident Response, and crisis management). There are different kinds of policy coverages, it is important to work with your insurance policy stakeholders to determine you have the right cyber coverage in place.

Current cyber insurance market conditions

The threat landscape globally for organizational data has never been more at risk. For every dollar spent on cyber coverage, the insurance industry is paying our three dollars – in short, it’s a losing proposition. Insurance companies, in many cases, are partnering with clients to ensure that data protection and cyber security are top of mind for corporate policy-makers. The industry may support activities such as vulnerability assessments and penetration testing to ensure that a standardized security posture is in place. Given the current financial landscape for cyber insurance coverage insurance companies are faced with either supporting customers to ensure that rigorous data security measures are in place or they exit the market. 

At the end of the day the customer must own the responsibility of providing reasonable and effective security measures in protecting organizational and client data and it will be incumbent on the insurance industry to practice due diligence in assessing whether an existing or potential customer is permitted to purchase a cyber insurance policy. It is important to note, this is an evolving model where transparency and framework compliance will help mitigate risk and provide a value proposition to both the insurance company and the customer.

The post What Is Cyber Insurance and Why You Need It appeared first on HiveInnovates.

A sleek new gaming platform lets Canadian teens develop their cybersecurity skills as they compete for prizes and test-drive a career in this thriving industry while still in high school.

CYWARIA League North, the country’s first fully gamified cybersecurity challenge, launched this fall for Canadian students in grades 11 and 12, except those in Quebec. Registration is open until Oct. 11, 2021.

Its platform features a sleek interface where the challenge details are shared through immersive videos, intel, notifications, and more.”

“Fighting cybercriminals is thrilling, which makes it the perfect premise for a video game,” says Tyson Johnson, CEO of CyberNB, a non-profit Canadian cybersecurity industry organization that partnered with CYBERPRO Global, a cyber education and training provider, on this unique initiative. “But it’s also an incredibly valuable skill set that can lead to high-paying and exciting work in a booming sector. We wanted a fun and realistic platform to get kids and their parents thinking about this highly-lucrative and promising career path.”

Aligning schools, skills, and jobs, CyberNB is empowering the next generation by spearheading initiatives that connect education and training through partnerships to deliver cybersecurity curriculum. These include Cisco’s Networking Academy in New Brunswick schools and upskilling programs like Cyber Bootcamp for people with non-technical backgrounds that are designed to narrow the digital skills gap.

With nearly 90 percent of Canadian kids playing video games, the league is a great way to turn screen time from a time-waster to an opportunity to build real-world skills for a quickly-growing industry. In Canada, cybersecurity represents $1.7 billion in GDP and employs over 11,000 people. And for youth, it’s an exciting, no-risk way to test out the industry.

“This is your opportunity to view it before you do it,” says Connor Brewer, a 20-year-old security developer at Difenda, a leading Microsoft North American cybersecurity company, working out of their new office location in Fredericton, NB, and a student in the University of New Brunswick’s Bachelor of Computer Science program.

He gives CYWARIA League North high marks for its resemblance to his actual work of tracking down cybercriminals and defending networks and data.

The year-long program kicks off in late October, when participants will receive their first of 12 monthly challenges, each closely mirroring the current cyber threat landscape. There’s lots of support along the way, with videos, tutorials, and other resources to help them solve the competitive campaign. To add a little extra incentive, students compete for monthly prizing and for a shot at the grand prize awarded at the end of the series.

Brewer also likes the game’s focus on “blue team,” or defensive strategies. While “red team” cybersecurity professionals work on the offensive to attack systems and identify vulnerabilities, Brewer says that in Canada and the U.S., the vast majority of roles are defensive.

“The real work, day to day, is going to be on the blue team,” he says. “Defending is the most critical thing for North America. That’s our focus.”

Along with the real-life nature of its challenges, Brewer was impressed with the game’s design. Its platform features a sleek interface where the challenge details are shared through immersive videos, intel, notifications, and more. Participants can check their scores, badges, and timers on the dashboard, while the national leaderboard tracks everyone’s standing.

CYWARIA League North isn’t just for hardcore gamers or technical whizzes. It’s open to any student with a laptop or PC, solid internet connection, and basic computing skills. For Brewer, who found his way to cybersecurity through math and computer science, there’s “a position for everyone” in the industry. He encourages anyone who loves problem-solving and the thrill of the chase to give the league a try.

“At the end of the day, the biggest thing that you can do in life is just to seize every opportunity,” he says. “I wasn’t technical in high school, and I would have jumped in.”

And for those competitors like Brewer, who find they love the thrill of the hunt and want to pursue future opportunities for a career in cybersecurity, CYWARIA League North is a great platform to showcase their growing, in-demand skills. There are currently over 8,000 open cybersecurity roles in Canada, ranging from small and large companies to government and working with police and military to combat cybercrime and protect against nation-state attacks.

“Not only is it a fun game, but it’s also an opportunity to give yourself great exposure to these big companies who are looking to build the next generation of talent,” Brewer says. “It’s not just high schoolers playing with high schoolers. Companies are watching.”

The post Game On! Fun New Cybersecurity League Gives Canadian Kids Real-World Skills appeared first on HiveInnovates.

Isolation may impact our defences against fraud. As the pandemic persists — and as we face colder weather and shorter days — many Canadians will spend more time alone and could become more vulnerable to fraud.

Research from Interac Corp., a leader in digital security and authentication, demonstrates that over half (55 percent) of Canadians worry that increased isolation during the pandemic is making people more susceptible to fraud. Meanwhile, data from the Canadian Anti-Fraud Centre shows 23,842 reports of COVID-19-related fraud between March 6, 2020, and June 30, 2021.

Rachel Jolicoeur, Fraud Prevention and Strategy Director at Interac, says that Cyber Security Awareness Month is an opportunity to give Canadians the tools and support they need to fight back against the fraud threat.

“The best way to combat isolation is through community — and making that connection with others is critical when it comes to fighting fraud,” says Jolicoeur. “Fraudsters always look for new ways to force Canadians to react in the heat of the moment. This pressure can be compounded when we don’t have a friend, family member, or neighbour we can turn to for a second opinion.”

Use your voice to help others

According to Jolicoeur, we can counteract the impacts of isolation by sharing our fraud experiences with others. We should look for opportunities to educate widely on any scam attempt we have faced and what could have been done to stop it.

“I always say that it takes a village to stop fraud. It also takes vigilance. Think about those in your life and reach out to them to share your experiences. Let them know they can talk to you if faced with requests for information that appear suspicious. At Interac, we advise Canadians to Stop, Scrutinize, and Speak Up. Ask others not to react in the moment — if they’re being forced to respond quickly, that’s a telltale sign of fraud. Take a moment to pause and listen to your instincts,” says Jolicoeur.

Investing in secure innovation

As Canadians, we all have a responsibility to help combat fraud — including the business community. For its part, Interac works to keep Canadian customers safe and secure when transacting through the company’s investment in world-class privacy, fraud mitigation, governance, and digital identity and authentication expertise.

“We take our responsibility to protect Canadians seriously. For example, Interac e-Transfer® users are protected by multiple layers of security, making the service one of the most secure money transfer services globally. Enhanced features have been designed with security in mind — including Interac e-Transfer Autodeposit, which we encourage Canadians to use as it allows transactions to be automatically and conveniently deposited into your bank account,” says Jolicoeur.

Interac and Interac e-Transfer are registered trade-marks and the Interac logo is a trade-mark of Interac Corp. Used under licence.

The post It Takes Vigilance — and a Village — to Fight Fraud appeared first on HiveInnovates.

Is your company prepared for the cybersecurity risks that come with remote work? Learn how to protect your company and how Trend Micro can help.

During the pandemic, cloud adoption was accelerated at a rate never seen before — but moving to the cloud quickly without considering security could be leaving companies vulnerable.

According to a recent study, cloud data centres will process 94 percent of all enterprise workloads in 2021. This is due to the many benefits that the cloud brings to companies, including reduced IT costs, automated upgrades, scalability, collaboration efficiency, and flexible work practices — like working from home — which are all key during a pandemic.

This shift to remote work during the pandemic has resulted in a 238 percent increase in global cyberattacks. This statistic comes from a recent report released by HP and KuppingerCole, an international, independent analyst firm, which assessed remote work and its cyber risks.

Holding businesses responsible for their own security

As organizations embrace cloud digital transformation, there are also cyber risks to consider.

“A common misconception is the fact that security is the cloud service provider’s responsibility,” says Antoine Saikaley, the Canada Technical Director at Trend Micro, a cybersecurity giant that currently protects over 500,000 enterprise and commercial organizations. “Organizations using the cloud need to understand that security is actually their responsibility and need to ensure that their applications and data are secure.”

The good news is that tools exist to make cloud security more integrated, easier, and a lot more effective than many IT leaders believe. Finding the right security partner now is more important than ever.

While it protects people and organizations from all over the world, Trend Micro is also deeply invested in Canada — with over 300 Canadian employees in four locations and three out of seven of its cloud services being researched and developed locally. This allows Canadian businesses to protect their existing on-premise infrastructure and devices, as well as their cloud environments — all under one platform.

Every employee plays a role in security

“Businesses that are unprepared for remote work may see an increased risk of corporate or customer data being stolen by hackers,” says Saikaley. “For example, security management consoles that relied on devices being connected inside the network perimeter will lose cyber threat visibility and control with devices at home with no connection to the corporate network.”

A recent study by Trend Micro, Cyber Risk Index 2021, found that 84 percent of North American organizations are likely to experience a data breach of customer records within the next 12 months.

As well, the study from HP found that 70 percent of workers will access their work devices for personal use due to remote work — including for gaming, using streaming services, and online learning, or homework — which will further put these devices, and the company itself, at risk for an attack.

In addition, Saikaley points out that over 90 percent of breaches start with a phishing email and notes the importance of companies having an awareness strategy to ensure that employees gain an understanding of what phishing looks like.

Phishing attacks are designed to trick victims into revealing personal information, like work passwords, and can lead to exposing devices to harmful ransomware or viruses, impacting company finances and brand reputation. These attacks can mimic websites or emails that you already access, like streaming sites, gaming sites, or even banking sites. As a result, attackers can gain access to private, sensitive information from companies through their employees.

This means it’s important for an organization to train everyone, whether they’re a security leader, an employee working at home, or even a board member, on cybersecurity risks.

How trend micro can help

A challenge many organizations face is that the cloud isn’t simple, and many of the technologies that make up the cloud are new, with new features being deployed all the time. Understanding how these work and — more importantly — how to secure them can be difficult.

Utilizing a security platform approach can help build your cloud to be more secure, but educating your architects and administrators will also help. One key area is hardening your cloud account credentials, as these will be regularly targeted by malicious actors. Using multi-factor authentication to access all accounts can minimize this risk tremendously.

“The Cloud One platform is ideal for organizations or businesses that are migrating to the cloud,” says Saikaley. “It provides enhanced visibility, detection, and response, and ensures that regulated workloads are meeting compliance and are protected, and that infrastructure misconfigurations are remediated promptly.” While businesses must modernize with software as a service (SaaS) based deployments to provide protection, they also need to supplement that security by achieving user, device, and cloud application risk insight through continuous risk monitoring such as with Trend Micro’s Zero Trust Risk Insights service — plus additional visibility, detection, and response.

With an increasing amount of cyber threats every day, it’s important for businesses to be prepared for any risks they might face. By combining a strong security strategy that encompasses all levels of an organization, a market-leading cybersecurity platform and world-class threat research, businesses can become more resilient in the new post-pandemic world.

The post Who Protects the Cloud? And Why Your Business Should Care appeared first on HiveInnovates.

In the arms race between cybersecurity and cybercriminals, we’ve always relied on complexity trumping computational power. In the era of quantum computing, complexity isn’t enough. We need true randomness.

A good random number is hard to find. Humans are famously bad at generating and identifying randomness and, surprising as it may be, traditional computers are even worse at it than we are. And yet, just as with a combination lock, randomness is a fundamental building block of modern digital encryption. Without a good source of pure randomness, even our strongest cybersecurity measures have a critical flaw that leaves them vulnerable to the rapidly accelerating march of computational power.

“When an algorithm generates a random number, almost by definition, you know that it’s not really random – it is deterministic by nature because it has been created by a complex formula behind it,” explains Francis Bellido, CEO of Montreal-based firm Quantum eMotion, the only public quantum random number generation (QRNG) company in the world. “So there’s a pattern. It’s extremely complex and the sophisticated encryption keys could take hundreds of years to crack with the best computers today. But now we have the threat of quantum computers, which have already in the prototype stage increased calculation capacity millions of times over. With this kind of capacity becoming mainstream in four or five years, it will be possible to crack any existing encryption system one way or another. It’s another level of threat.”

With cyber criminality increasing fourfold over the course of the pandemic, it’s become clear that we can not rely on winning the arms race of computing power. The only way to future-proof our cybersecurity is to remove the computational element altogether with encryption seeds that are incalculable because they are truly random. But where do we find these pure random numbers?

The quest for true randomness

In the world of computing, there is actually a long history of bizarre-sounding schemes to generate randomness. Your computer today will sometimes use inputs like mouse movement and fan speed to salt randomness into its algorithms. At tech companies, it is surprisingly common to find something like a camera pointing at the foliage or even a lava lamp to track chaotic movements, so desperate are we for random numbers. And even still, these awkward systems are trading primarily in complexity, not true randomness.

“In Newtonian physics, there is nothing random, every single physical phenomenon is deterministic,” says Bellido. “The only way to get pure true random numbers is to rely on quantum mechanics. What we have developed is a tunnel junction which we bombard with electrons and measure the quantum tunnelling effect. It is purely random, what we call in physics a source of pure entropy.”

The idea of quantum random number generators (QRNG) is not new, in and of itself. Indeed, systems using Geiger counters to measure the quantum decay of radioactive materials have been popular among the esoteric kludges used over the decades. But those present obvious problems of safety and portability. This is different.

A system is only as secure as its weakest link

“The junction itself is extremely small, 10 microns across,” says Bellido. “You can put that on a microprocessor. It will fit in a USB key or on a chip in your phone, making it completely uncrackable. The simplicity of our technology means it is very versatile and can be miniaturized. That’s going to be very important because it’s our vision that in the future, every device that connects to the Internet should have a QRNG. Because, after all, every time you connect a device to the Internet, you are creating a new door for cybercriminals to enter your home or business.”

As the world of computing continues to be transformed in the quantum era, future-proofing those doors is going to require the kind of locks that only true randomness can provide.

The post Future-Proofing Cybersecurity Using Quantum Technology appeared first on HiveInnovates.