Why do you feel it is important for small and medium organizations to be thinking about their cybersecurity posture?
SMOs are taking advantage of historically inexpensive yet powerful computer processing and networking systems. They are linked to enormous markets across the country and around the world. With such a broad reach it only makes sense to invest a portion of their technology budget to effectively protect digital assets.
Do you feel the COVID-19 outbreak has slowed the efforts of the bad actors trying to breach Canadian organizations?
On the contrary, the outbreak has encouraged hackers to accelerate their efforts. Many Canadians are now working from home. However, they often are exposing weaknesses in the home network to the business network. This offers tremendous opportunities for the bad guys who generally look for the easiest way to gain entry into corporate networks.
With more and more Canadian organizations setting up a work from home environment, to combat the COVID-19 outbreak, would you say the threat actors are leveraging this as a potential weakness to exploit?
Absolutely, literally overnight, hacking into small and medium organizations in Canada has become a lot easier for hackers.
What do you feel is the primary threat for Canadian small and medium organization today?
The primary threat is full system takeover. The hacker gains internal network access, sets up surveillance for a period of time (weeks, months), then demands a significant ransom. Not only that, they sell stolen data on dark web e-commerce sites to the highest bidders. By leveraging anonymity on the dark web, they can buy/sell digital assets of all types with impunity.
Do you feel implementation of CyberSecure Canada certification could help Canadian small and medium organizations protect their intellectual property from breach?
Without question. CSC certification results in very significant value for organizations, especially in terms of intellectual property protection. For example, one critical Control Area in the standard, Implement Access Control and Authorization, focuses on protection of high value digital assets such as intellectual property.
What would you recommend Canadian small and medium organizations consider when planning to implement the CyberSecure Canada controls?
We recommend establishing an effective implementation plan before getting started. Sometimes organizations have good security practices, but they are not as well documented and communicated throughout the organization as they need to be. One of the great value propositions of implementing a program like CSC is that it enables the organization to establish the foundation for continuous improvements to the corporate security posture.
Do you feel small and medium organizations should seek the assistance of Managed Service Providers when implementing the CyberSecure Canada controls?
Yes. Having a Managed Service Provider (MSP) that understands the CyberSecure Canada certification program assisting with certification preparations is a definite advantage. Even better, having an MSP with the CPCSC designation will fast track the organization to CSC certification with much less effort.
How can Canadian small and medium organizations ensure the managed service providers are trained in the CyberSecure Canada implementation?
Watsec offers a 2-day instructor lead class that reviews all aspects of certification. It is great background not only for Managed Service Providers, but also for individuals in an organization that wishes to become CSC certified. Completion of Watsec’s CSC Practitioner course for Managed Service Providers ensures a solid background for enabling organizations to become CSC certified. Students completing the class and passing an exam attain the designation Certified Practitioner in CyberSecurity Certification (CPCSC) which is gaining increased recognition within the industry.
Would you recommend CyberSecure Canada as a starting point for Enterprise organizations looking to implement a strong cybersecurity defence?
Yes. CSC offers a strong foundation for any organization’s cybersecurity program. It also leads nicely to advanced certifications such as those offered by NIST and ISO.
Do you feel implementing CyberSecure Canada as a mandatory supply chain compliance requirement would help protect Canadian Enterprise organizations?
Many supply chain partners are Small and medium Organizations; hence CSC is an ideal baseline program that every organization within the supply chain should aspire to. It is well known that an exposed weak link in the supply chain can lead directly into others within the chain. In fact, hackers wishing to target large enterprises often focus on weaker suppliers in order to breach the anchor enterprise. The multi-billion-dollar Target breach is a prime example of this.