Fraud Management & Cybercrime , Geo-Specific , Leadership & Executive Communication
Canada East Summit: From Ransomware to Growing CISO Liability
Canadian Cybersecurity Leaders Brace for Changing Security Landscape and RegulationsAt the recent Cybersecurity Summit: Canada East, cybersecurity leaders, industry experts and top executives discussed the surge in ransomware attacks, the integration of AI into security frameworks and growing personal liability concerns for CISOs.
See Also: Effective Communication Is Key to Successful Cybersecurity
With an emphasis on practical strategies, the Information Security Media Group summit focused on the challenges and solutions that cybersecurity leaders need to prioritize in the coming years. Ransomware defense was a major topic.
Ransomware: Lessons From Recent Attacks
Speakers discussed the sharp rise in ransomware attacks over the past year in Canada and how CISOs need to prepare for a response. Aniket Bhardwaj, vice president of global incident response and cyberthreat operations at Charles River Associates, and CyberEdBoard member; Priya Mouli, head of information security and compliance at Sheridan College; and Eric Charleston, partner, national co-leader of cybersecurity at Borden Ladner Gervais, discussed recent high-profile ransomware incidents, including the LockBit attack on London Drugs and breaches affecting Ontario hospitals. These incidents have led to ransom demands exceeding CA$1 million - an increase of almost 150% in the last two years.
Bhardwaj, Mouli and Charleston advocated for a zero-trust architecture and the need for employee awareness and training. Organizations should adopt a proactive stance by conducting regular security audits and prepare incident response plans tailored to ransomware scenarios, the panelists said.
Deepfake Threats and Cyber Deception
In an interactive tabletop exercise, attendees participated in a simulated deepfake incident targeting a corporate executive. Led by Josh Iroko, managing consultant, Mandiant, Google Cloud; and Carl Montreuil, director, federal policing criminal operations - cybercrime, Royal Canadian Mounted Police, this exercise underscored the growing use of deepfake technology in cyber deception and financial fraud. Participants explored the complexities of identifying and responding to deepfakes, which have become an increasingly prevalent tool for cybercriminals.
Executive Liability in the Age of Accountability
The increasing personal liability for CISOs has made it imperative for security leaders to understand and mitigate their risks. Robert Knoblauch, former deputy CISO of Scotiabank; and Imran Ahmad, partner/head of Canadian technology at Norton Rose Fulbright, discussed the rising scrutiny on security executives and shared proactive measures that CISOs can take to protect themselves from personal liability, such as thorough documentation, timely breach disclosures and maintaining rigorous security protocols.
The discussion drew from high-profile cases, including those against executives at Uber and TSB, reinforcing the need for CISOs to ensure a heightened sense of accountability. Knoblauch and Ahmad brought attention to a key message: Leveraging cyber insurance and legal counsel is crucial for shielding security leaders from potential consequences. .
The summit also provided critical insights into the regulatory environment in Canada, with Ahmad; Ruth Promislow, partner at Bennett Jones; Deniz Hanley, Canada CISO and head of technology risk at Morgan Stanley, and CyberEdBoard member, leading discussions on the Critical Cyber Systems Protection Act and the Enhancing Digital Security and Trust Act. These new laws have introduced mandatory incident reporting requirements.
"Canada is feeling woefully behind the U.S. when it comes to critical infrastructure protection and cybersecurity legislation - they're playing catch-up," said Tom Field, senior vice president of editorial at ISMG.
The summit also addressed the vulnerabilities present in modern supply chains. Craig Peppard, CISO at ivari Canada; Fernando Montenegro, senior principal analyst at Omdia; and June Leung, director of identity and access management at Mackenzie Investments, shared insights into securing supply chains against zero-day vulnerabilities. They discussed the importance of conducting rigorous vendor risk assessments, especially in light of recent supply chain breaches such as the MOVEit Transfer and Suncor Energy incidents. The panelists advised attendees to implement advanced security controls and continuous monitoring systems to safeguard critical assets.
"AI use cases are developing. But the good guys aren't putting gen AI to work nearly as quickly or as efficiently as the bad guys. This is a serious red flag," Field said.
Key Takeaways
- AI is transforming both defense and attack strategies, making it critical for organizations to refine their AI tools while addressing associated risks.
- CISOs face increasing personal liability, and adopting legal safeguards and maintaining proactive documentation are crucial to protecting themselves and their organizations.
- Compliance with Canada's new cybersecurity regulations is vital, and organizations must be prepared to meet mandatory reporting requirements.
Join us at ISMG's Virtual Government Cybersecurity Summit Oct. 29-30, 2024. Discover cutting-edge strategies and insights from industry experts to safeguard your organization against evolving cyberthreats.