A new tool for small businesses in the fight against cybercrime

The federal government has unveiled its National Cyber Security Strategy, with which it will establish a voluntary, recognizable certification intended to enable small- and medium-sized enterprises (SMEs) to demonstrate to both businesses and consumers that they meet a baseline set of security practices.

As part of a renewed cybersecurity framework, Innovation, Science and Economic Development will establish the voluntary certification, Public Safety Canada (PSC) said in a backgrounder Tuesday. “Consultations with industry, SMEs, and potential certification bodies will help design a program that meets their needs, and ensure that accessibility and ease of use remain paramount features of its design.”

The federal government will invest $500 million in new funding over the next five years.

“The cybersecurity plan put forth by the federal government is a step in the right direction to improve cybersecurity security and protect customers,” Don Duncan, security engineer for Vancouver-based NuData Security, told Canadian Underwriter Wednesday.

Noting that the “human element” plays a key role in cybersecurity protection, Duncan said that “processes need to be developed to ensure that employees are adequately trained and able to respond to cyber threats.”

With many organizations in Canada operating independently, sharing cyber intelligence can help in the event of a cybersecurity incident. “The role of technology to efficiently identify threats in real time helps to detect and respond faster and more efficiently,” Duncan said. “At the same time, sharing intelligence also helps in these instances as many organizations are operating independently. Today’s multi-layered technologies that include behavioural biometrics and machine learning help to address the talent shortage as these attacks increase over time.”

PSC said that SMEs in Canada are not adequately protected against cyber threats. Approximately 71% of data breaches in Canada involve an SME, which make up 98% of all Canadian businesses.

The federal government’s cybersecurity strategy will consolidate federal cyber operations into the new Canadian Centre for Cyber Security, which will provide a “single window” for expert advice and services for governments, critical infrastructure operators and both the public and private sector to strengthen their cybersecurity. It will be led by Scott Jones, who is currently responsible for the IT Security Branch at the Communications Security Establishment.

A new National Cybercrime Coordination Unit in the RCMP will support and coordinate cybercrime investigations between police forces across the country.

A recent study from cybersecurity company Kaspersky Lab found that North America is the most expensive location for an SME to suffer a data breach (US$1.6 million in 2018), with SMBs in Canada and the United States also having the highest recovery cost (US$149,000 on average).