It’s not insignificant that the most recent federal budget in Canada included funding specifically for cybersecurity measures.
As the world moves rapidly into the digital realm — a process that was greatly abetted by the COVID-19 pandemic that pushed many businesses to an online, remote-work model — cybersecurity will only continue to grow in importance. Technology touches every part of our society — from our personal lives to business dealings to national defence and international security. But while we are creating a virtual world, the risks are very real.
Threats are growing
Incidents of cyberattacks are increasing around the world. They are a big part of the war in Ukraine, but these are not a foreign concept to which Canada is immune. Earlier this year, Canadian Security Intelligence Service reported Canadian organizations are victim to thousands of cyberattacks every day, and the threat is growing.
This is fostering growing concerns even as cybersecurity remains a concept that is little understood. According to the EY Global Information Security Survey 2021: Canadian Highlights, three-quarters of Canadian business leaders are reporting an increase in disruptive cyber events over the previous year, with 40 per cent reporting they have never been more concerned about cybersecurity as they are now.
The good news is cybersecurity is a risk that can be managed. The government’s investment of $875.2 million will help in that regard, but it is only a first step.
There is a parallel to be drawn here with when emissions controls were put on cars. There was a time when it was unthinkable that cars could ever be assessed for their pollution, much less be forced to comply with regulations or risk being taken off the road. But then governments moved in that direction, and practically overnight an industry sprang up to service the assessments, reporting and repairs on cars. In short order, it was normalized.
Cybersecurity risk management
It can be safely assumed the same will eventually happen in the cyber space. Mitigating risk in the digital world will become standard practice for industry, business and individuals. The UK already has legislation around risk management for small- and mid-sized businesses in cybersecurity, and Canada is expected to follow. Insurance companies are increasingly asking for cybersecurity management plans as part of business insurance.
But it is not going to happen in a void, nor will it happen on its own.
The key will be using the government’s funding to implement measures that are practical and feasible — and we can’t rely on government to be the only organization working in this field, or to be the one to drive it forward.
The need for a cyber-resilient workforce
The budget measure is a timely signal for small- and medium-sized business and larger corporations to begin building their cybersecurity capabilities and processes to defend against threats and (hopefully) prevent entirely future cyberattacks.
To do this, we have to start by building a cyber-resilient workforce — and this is going to take some effort.
As the pandemic accelerated technology adoption and automation — which by nature increases the risk of a cyberattack — Canadian organizations are struggling to find people with digital skills. According to a study by KPMG, 80 per cent of Canadian organizations say they need more workers with IT skills, and 70 per cent say they are having difficulty filling these positions. This gap is also illustrated on LinkedIn, where more than 3,000 jobs listed in Canada right now are tagged as “cyber.”
We can’t waste any time filling those jobs. The next generation of cyber analysts are ready and waiting to be drawn from a vast and diverse talent pool that includes digital natives, neurodivergent individuals, newcomers to Canada, Indigenous people, veterans, and military spouses.
With rapid and specialized training, they can be in place quickly to help organizations build their own in-house cybersecurity capabilities to protect themselves against a future cyberattack that is all but inevitable.