Cybersecurity should be top of mind every day of the year, but it’s highlighted in October to ensure that we all stay safe online. Here are some tips from the Canadian Government that you can use to stay as safe as possible. Along with that, I have some commentary from industry experts on Cybersecurity Awareness Month.
Mike Mestrovich (CISO) believes organizations need to address cyber resilience and data risk:
It’s no longer a matter of ‘if’ cyberattacks will happen, but ‘when’. According to the most recent Rubrik Zero Labs report, 94% of IT and security leaders reported their organization experienced a significant cyberattack in 2023.
Organizations need to adopt a cyber resilience mindset and they need to be developing and practicing their cyber resiliency playbooks to reduce data risk. One of the key components of this is to determine what constitutes critical data and workloads, where those exist and operate, and how those critical workloads and their associated data would be defended and restored in the event of a cyber event. Organizations also need to reduce the attack surface when it comes to critical data. This involves understanding who has access to critical data and reducing that access to the minimum required. Additionally, organizations should implement a data retention schedule that periodically deletes data that is stale and has not been used or accessed.
Amit Shaked (GM & VP of DSPM Strategy, Growth and Monetization) believes data security posture management should be a priority:
As AI adoption grows, so does organizations’ appetite for the vast data from disparate sources needed to train AI models. This has also contributed to the rise of shadow data, with more businesses realizing they can’t protect against what they can’t see — leaving them as easy targets when cyberattacks happen.
Increasingly, organizations’ solution to this challenge is the adoption of data security posture management (DSPM): a holistic approach to assessing and managing an organization’s cybersecurity readiness and effectiveness in protecting its data assets. DSPM solves one of the most daunting aspects of data security: knowing where all data is within the organization, and how to secure it. This is a key step to ensure cyber resilience: keeping your data safe even during a cyberattack.
The last year has shown the secret is out: modern organizations must embrace DSPM as a key ingredient in their overall security strategy to reinforce cyber resilience.
Antonio Sanchez, principal cybersecurity evangelist at global cybersecurity software and solutions provider Fortra, had this to say:
“In the world we live in we cannot expect others to protect our personal privacy so we must take steps to protect ourselves.
This year for Cyber Awareness Month I challenge everyone to do one new thing that helps protect their privacy and increase security of our digital interactions.
Here are some ideas to consider:
- If you use the same password/passphrase for all your sites, then start using a password manager and create unique passwords. Start with just a few sites to get used to using it and then gradually add other sites with new passwords.
- If you use a password manager, then increase the number of characters and character types when generating a password.
- If you have never used a multi-factor authentication app, then start using one. Google Authenticator and Microsoft Authenticator are available for iOS and Android; they are free and extremely popular, so there are lots of resources and videos to help people get comfortable with using them.
- If you have never used a shredder, then purchase one and get into the habit of shredding mail or other documents with sensitive information you want to discard. This includes those copies of tax returns that are over 7 years old, those checks that come in the mail from your bank which can be used for balance transfers, and monthly bills.
There are lots of other examples. Just stop and think about anything that contains personal data and a step you can take to protect it.
And one other thing: make sure to freeze your credit reports with Experian, Equifax, and TransUnion to prevent someone taking out a credit card or mortgage in your name.”
Jason Lohrey, Founder and CEO of data management company Arcitecta, adds this:
Cybersecurity Threats & a New Focus on Recovery
National Cybersecurity Awareness Month is a reminder that as data environments reach hundreds of petabytes and hundreds of billions of files, protecting data will become an increasingly difficult and complex challenge. IT leaders are shifting their focus from backup to recovery as organizations need complete and immediate data recovery with no downtime or, at most, only milliseconds of downtime to prevent criminals from holding a business and its data hostage for days, weeks, or more. New approaches such as continuous data availability represent game-changing levels of protection that actively record every significant change in real-time for every file so a user can go back to any point in time to retrieve data – quickly and without the assistance of IT. Organizations will increasingly leverage continuous data availability technology to protect data from loss and cyber threats.
Cybersecurity Threats & Data Resiliency
As data environments reach hundreds of petabytes and hundreds of billions of files, protecting data will become an increasingly difficult and complex challenge. Organizations need their data to be resilient and continuously available, with the ability to spring back seamlessly to reduce the risk of critical data loss and the impact of downtime, outages, data breaches, and natural disasters. Achieving data resilience at scale requires a radical new model and one that revolutionizes today’s broken backup paradigm. Traditional backup is independent of the file system, but a better approach is to merge the file system and backup as one entity. In this way, every change in the file system can be recorded as it happens, making it seamless to retrieve lost or deleted data, regardless of when it existed and across the entire time continuum.
UPDATE: Sam McMahon, IT & Security Senior Manager at Valimail, adds this:
“The end of the year is a great time to update and review cybersecurity posture. As we look towards 2025, it’s critical that all companies establish and add AI usage policies to their cybersecurity playbook.
Employees will (and should) seek ways to incorporate AI into daily tasks, but without the proper guidelines in place, this evolving technology can expose a business to unnecessary risk. A well-defined policy empowers employees to leverage AI for increased efficiency, while providing expectations for how and when this emerging technology should be used. This is especially important when it comes to leveraging AI for handling sensitive information.
It is equally important to look into the AI policies of current and potential third-party vendors to understand how your data flows through these systems or how it might be used to train future AI models. AI holds immense potential, but requires a risk-based approach like any technology or vendor a business relies on.”
UPDATE #2: James Cassata, cloud security architect at Myriad360, added this:
“As we head into Cybersecurity Awareness Month, organizations should maintain a strong focus on rising attack vectors when educating system users.
Social engineering continues to be a top human risk, according to SANS. Although spear-phishing emails and text-based smishing messages are not new, voice-based vishing has become more prevalent. This is largely due to the growing use of AI, allowing adversaries to accelerate their efforts when attempting to deceive their targets. Generally speaking, a twenty-second audio sample clip of someone’s voice is all that is needed to clone their voice with AI.
The most important advice to give when educating users is to slow down and think, “Does this make sense?” Always validate the legitimacy of an uncommon request by reaching back out to that individual using another method of communication, with a face-to-face conversation being the preference. Another indication of suspicious activity is the sense of urgency that adversaries tend to convey. To me, this is a dead giveaway. Investing in continuous employee training is critical to reinforce the importance of being cautious and vigilant and, most of all, slowing down.”



T-Mobile Pays The Price For Their Numerous Data Breaches…. Again
Posted in Commentary with tags T-Mobile on October 1, 2024 by itnerd
T-Mobile has had numerous data breaches over the last few years. There have been example after example after example after example after example after example of T-Mobile being pwned by hackers and customer data being exposed. The FCC has stepped in and slapped T-Mobile with a fine for their inability to keep customer data safe:
The Federal Communications Commission today announced a groundbreaking data protection and cybersecurity settlement with T-Mobile to resolve the Enforcement Bureau’s investigations into significant data breaches that impacted millions of U.S. consumers. To settle the investigations, T-Mobile has agreed to important forward-looking commitments to address foundational security flaws, work to improve cyber hygiene, and adopt robust modern architectures, like zero trust and phishing-resistant multi-factor authentication. The Commission believes that implementation of these commitments, backed by a $15.75 million cybersecurity investment by the company as required by the settlement, will serve as a model for the mobile telecommunications industry. As part of the settlement, the company will also pay a $15.75 million civil penalty to the U.S. Treasury.
This is on top of the fine that T-Mobile got slapped with earlier this year. At this point it’s pretty clear that T-Mobile needs to get their act together. The question is: will they? Given their previous track record, that’s an open question, and one that a lot of people will be watching closely to see how T-Mobile answers.