Cyber threats are everywhere, but who’s the most at risk?
That’s the question that kicked off a panel discussion that Iceberg attended in Ottawa last night. “Cybersecurity: What Parliamentarians Need to Know and Do” was presented by the Carleton Initiative for Parliamentary and Diplomatic Engagement, with panelists including:
- Fen Hampson, Co-Director, Global Commission on Internet Governance
- Peter Hammerschmidt, Director General, National Cyber Security Directorate, Public Safety Canada
- Jane Holl Lute, President and CEO, Council on Cybersecurity
- Paul Milkman, Senior Vice President, Technology Risk Management and Information Security, TD Bank Group
- John Proctor, Vice-President, Global Cyber Security, CGI
The discussion attracted a diverse audience of MPs, senators, ambassadors, bureaucrats, students and policymakers. The panelists discussed a variety of issues around security, privacy, policy and technology.
Some highlights from the conversation:
- Context: Not all cyber risk events are equal. How do organizations prioritize their resources and focus on threats with the biggest impact? And how can they explain complex technology risk to leaders and executives who don’t have a technical background?
- Scalability: The sheer number of devices and the variety of threat organizations makes it impossible for the public or private sector to address everything coming their way. Paul Milkman said that TD spends close to $200-million each year on cyber security, more than some governments and certainly more than smaller organizations can afford. There is also a shortage of people with the skills needed for cyber security operations.
- Trust: Citizens and businesses don’t have confidence that the government can protect their security online. The panelists discussed challenges around balancing security and privacy concerns. CGI’s John Proctor said that consumers are starting to consider a company’s approach to security when choosing products and services.
- People, process, systems: Having the right technology tools is only part of the puzzle. Organizations also need to put the right processes in place and educate their employees. For example, Holl Lute said that 80-90% of cyber incidents could have been avoided by what she calls “basic hygiene”: simple security safeguards that people and organizations should be following, but don’t.
- Insurance as a driver: As more losses occur due to cyber breaches, insurance companies will look at how effective organizations are at monitoring and addressing risk. Ineffective risk strategies will lead to increasing premiums, which one panelist identified as a potential driver for ensuring better cyber security practices — more so than regulation or official policy can accomplish.
Clearly there’s a need for public and private sector organizations to take a proactive approach to cyber risk, and collaboration is needed both internally and externally between organizations. Iceberg is already working with Canadian governments, financial institutions and enterprises to deliver Risk Intelligence solutions: timely, aggregated, transparent risk data delivered to stakeholders so that they can make confident, informed and effective decisions to protect their customers and drive their business forward. Click here to learn more…