Executive Director, Canadian Cyber Threat Exchange
Strategic Advisor, Canadian Cyber Threat Exchange
Cybercriminals are working together, sharing information and ideas. Canadian businesses can’t hope to attain cyber resilience unless they do the same.
Security is about community, and it always has been. If you live in a heavily fortified house, complete with private guards, in an area where crime runs rampant, you are less safe in real terms than someone living in a normal home in a nice and well-maintained neighbourhood, someone who may not even have a lock on their front door. Critically, what keeps a neighbourhood safe, more than anything else, is the social bond that values collective security, that provides support for less fortunate neighbours, and that maintains an open dialogue addressing concerns collaboratively. When we’re talking about cybersecurity, the principle is the same.
On the internet, we’re all neighbours
Our digital neighbourhood is quite a lot larger than our physical one; our neighbours may be on the other side of the country. But, with Statistics Canada finding that 21 per cent of Canadian businesses have been impacted by cybercrime, and with Public Safety Canada estimating that this crime causes over $3 billion in economic losses each year, the simple truth is that the best way to bolster individual security is to ensure that all of us are more secure. Enter the Canadian Cyber Threat Exchange (CCTX), a pan-Canadian organization dedicated to helping members address the growing threat landscape collectively.
“Our raison d’etre is to help our member companies build resilience through collaboration,” says Jennifer Quaid, Executive Director of Canadian Cyber Threat Exchange. “It’s exactly the same idea as your local neighborhood watch program. Members come together to talk about what they’re seeing, active threats, what the trends are, what they’re doing about them, and what has helped to remediate.”
…the threat actors are collaborating. They’re working together. So, if we’re not, we’re putting ourselves at a disadvantage.
A cyberattack on one business affects the operations of many others
It’s an all-hands-on-deck approach that ideally extends both inwards and outwards for business security. “Cybersecurity is no longer just the responsibility of the IT department,” says Bob Gordon, Strategic Advisor at Canadian Cyber Threat Exchange. “All business units have to get engaged and think about, for example, the supply chain. That means looking at the security of all the organizations upon which you depend to keep your business operating. We see companies that are out of business for a while not because they were hit by a cyberattack, but because one of their suppliers was.”
With Canadian business so interconnected, and with cyber threats like phishing attacks so ubiquitous and indiscriminately targeted, Gordon emphasizes that it’s a matter of when, not if, any Canadian business of any size faces a threat that impacts them or their supply chain. But that does not mean that disaster is inevitable. Far from it. “That’s when we start to talk about the whole notion of cyber resilience, which also requires a conversation across all business activity,” says Gordon. “It’s about being able to recover from that incident and get back into operation as soon as possible.”
Resilience in community
CCTX sees this resilience in action every week when its member companies come together on a call to share and talk about the threats and incidents they’ve experienced. Working together as a community, the collective experience helps those who have been impacted bounce back more easily. And those who have not yet seen that threat in action become better prepared for the day when they do.
Quite simply, in Quaid’s words: “Collaboration works.”
“It works in most industries,” she continues, “and in cybersecurity, it’s critical. The truth is that the threat actors are collaborating. They’re working together. So, if we’re not, we’re putting ourselves at a disadvantage.”