Canada boasts a strong pool of cybersecurity talent and a federal government that is taking the threats posed by hackers seriously, but in international circles, Canada is still viewed as a “branch plant,” says CIRA’s Rob Williamson.
“We attend a lot of these other cybersecurity events and we’re friends with all those people, but they tend to focus on big international players,” he said.
MapleSEC 2020 is a three-day virtual conference beginning Oct. 5 organized by ITWC with CIRA as its founding sponsor. In addition to some audience participation and moderated luncheon discussions, the lineup of speakers is highly impressive, says Williamson, the Canadian Internet Registration Authority’s product marketing manager.
The lineup includes Jill Clayton, Alberta’s privacy commissioner, members of the FBI, Canada’s Security Intelligence Service, senior private and public sector CEOs, CIOs and CISO, and leading academics – all offering the practical hands-on information organizations can take away to protect their businesses. You can view the complete lineup here.
But perhaps more importantly, MapleSEC’s potential to recreate some of the networking vibes from a traditional tradeshow, is what has Willamson and others at CIRA, including cybersecurity services business unit manager, Mark Guadet, excited. It’s also greatly lowering the barrier for entry for other cybersecurity professionals who couldn’t afford expensive plane tickets and hotel accommodations before COVID.
“In the new work-from-home normal we still need ways to engage effectively, informally, and to meet new people and discover new ideas – and to make sure we’re keeping ourselves and our organizations safe in the process,” he said. “MapleSEC is intended to have some educational elements but also to re-create peering opportunities and to keep them alive year-round. By embracing fully-virtual, we are hoping to give more Canadian technology and cybersecurity professionals the opportunity to be part of the community and share best practices from this new work from home era. In doing so we will help make the entire Canadian cybersecurity community larger and stronger.
“The remote work era has brought with it new opportunities and new risks for workers, small businesses, and organizations of all types across the country. Organizations that have relied on face-to-face contact for business and collaboration have had to adopt new tools and techniques to survive. Even with the growth of the webinars and online meetings over the last 10 years, traditional in-person conferences have remained critical for networking with customers, prospects, partners, suppliers, and media.”
Delivered on ITWC’s proprietary MAPLE-TV platform, the MapleSEC program will be a mix of live and recorded sessions with a choice of at least two moderated table discussions daily where you can make your voice heard.
Also, if you’re wondering why an event like this is important, let’s take a look at some of Canada’s nastiest cyberattacks from 2019, shall we?
- Last August, two people were arrested after a data breach at Quebec’s tax collection agency affecting 23,000 past and present employees at Revenu Québec. Most of the data were names and social insurance numbers. The province said an internal investigation showed the data wasn’t used for malicious purposes or sold to third parties;
- Public and private sector organizations were victims of ransomware. The city of Stratford, Ont., acknowledged paying the equivalent of $75,000 in bitcoin following an attack in April. Toronto’s Michael Garron Hospital was another victim, as were the government of Nunavut and the city of Woodstock, Ont.
- Proof of the alarming new trend of ransomware being combined with data-stealing capability was evident when a Manitoba-based insurance company acknowledged it was hit by ransomware by a gang that threatened to release customer information unless it was paid;
- Organizations were also stung business email compromise scams, where an employee is convinced to change the bank account to where the money for invoices is usually sent. In August the city of Saskatoon admitted it was victimized for just over $1 million. In May the city of Burlington, Ont. acknowledged it was hit the same way; In November, Waterloo Brewing, an Ontario maker of beers, said a staffer wired $2.1 million to a supposed creditor’s account. Organizations must have business controls over verifying requested changes in payment procedure to prevent this from happening;
- The University of Ottawa’s online student news site was temporarily stripped of copy after the site was hacked;
- Attacks through suppliers were responsible for many incidents. Freedom Mobile blamed a third party for hosting an unprotected database with personal and credit card information on thousands of the wireless carrier’s subscribers on the Internet. TransUnion Canada said attackers compromised a Winnipeg leasing company to get access to personal information on some 37,000 Canadians held by the credit reporting agency; Verizon’s annual Data Breach Investigations Report on thousands of incidents around the world, noted that 21 per cent of data breaches are caused by errors, either by employees or third parties;
- Questions were raised about the dealings of some organizations with suppliers. In December the city of Hamilton, Ont., notified residents of a potential disclosure of their personal information through Alectra Utilities, which provides water billing service for the municipality. According to a news report an India-based subcontractor to Alectra had access to customer data it held, and there may have been other subcontractors whose staff could also see personal data. The incident raised questions of consent;
- Nova Scotia’s privacy commissioner blamed the government for not doing enough security testing before making a new provincial Freedom of Information website live, allowing two people to hack the site in 2018 and make off with 7,000 documents including personal information of 740 people;
- Think small businesses won’t be attacked? Consider our report on a Halifax vegan restaurant whose Facebook page was defaced.