Peter Sloly, executive director with Deloitte Canada and former deputy chief of the Toronto Police Service, offered up his perspective on the role of justice in cyber security. He outlined some of the major shifts in not only the nature of crime today (every crime is in essence a cyber crime) but also in the way law enforcement and corporations are responding to it. “Everything is changing. The technology is changing. Your budget is never going to be big enough,” he told Focus On Cyber Security attendees.
He discussed new paradigms that are changing the fundamental ways in which information and security are handled and how technologies like artificial intelligence and robotics are altering the way we interact with the world and each other. A takeaway from Sloly’s presentation was the degree to which partnerships have become so important — particularly P3s that bring together public and private institutions for mutual benefit.
Sloly was followed by Colleen Merchant, Director General of National Cyber Security at Public Safety Canada, who joined the event from Ottawa via video-conference. Merchant outlined Canada’s cyber-security strategy and how a major consultation process, which was conducted last year, is helping to shape national policy. She also spoke about the range of threats Canada is experiencing. “The sophisticated and the non-sophisticated actors can be very effective in conducting malicious cyber operations and cyber crime,” she said. “This is complicated by the fact that attribution is very difficult. It’s very hard to identify the origin and the intent of some of these cyber attacks.”
View Colleen Merchant’s presentation here (registration required).
The final speaker of the day was Craig Barretto, president of the Toronto chapter of (ISC)² and lead consultant at Nexgen Security. A penetration tester and ethical hacker, Barretto pointed out that information can easily be accessed as a result of people’s carelessness or lack of training. Passwords are often simple to guess — Barretto claimed an 80 per cent success rate in password cracking — because of the tendency to fall back on conventions like using dates and years as easy-to-remember passwords, or even popular standbys like "password123."
“From a pentester’s perspective, generally anything I break into is: a person is lazy, a person doesn’t know, or chooses a really bad password,” he said. He also urged attendees to review standards compliance as a bare minimum in terms of data security, arguing that policies should go the extra mile if a company or individual aims to increase the integrity of their information.
Focus On Cyber Security sponsors, Axis Communications, Rogers Communications, DarkTrace, Genetec, Trustwave and Cyber Security Canada delivered case study presentations, outlining technology and best practices than can help keep data safe. The event was also supported by Final Image and Sandvine.
Two more Focus On sessions, Drones and Health Care Security, will be offered in 2017.
View the embedded image gallery online at: