Cybersecurity in Canada : Failure to Launch

"We're expanding because more companies are reading what's happening in the news and saying, '

We don't want that to happen to us'."

"Originally, only big budget firms with very sensitive data would hire us. Now 100-employee firms are buying our services. They don't want the interruption, the brand damage or the financial losses. Insurance can cover the financial losses but it won't help with the stress and brand damage."

"There was a really good excuse initially to say, 'I'm not a  target' because the first attacks were about extracting information and selling it to someone else. But then when ransomware came about, that flipped the whole business model on its head. It locks you out of your data and prevents you from operating your company. So it's not what it's worth to someone else but to yo, so you can get it back.:

"The talent in the industry is finite right now, so it's an employee's market to some degree. We were leery, trying to build what we could in this company, so we wouldn't end up in an arms race and just buying talent."

"But at the same time, you cannot build a senior-tenure pedigree person with a high school diploma and six months' training. So you have to pick your battles and where we build anything, we build our junior resources, those entry-level positions, and we've seen some good success with that."

Chris Johnston, co-founder, CEO, Bulletproof, cybersecurity firm, New Brunswick

"The bad guys have not only become sophisticated, but they also don't necessarily differentiate between x and y, this group or that group. They basically build techniques to take advantage of seniors, kids, financial institutions, critical infrastructure, anything you can think of. They want more money, or they have political causes or other reasons."\

"No one thought that the pacemaker in your heart would be a cybersecurity issue. Now it is. Because many medical devices are prone to attack. Even my watch can be attacked. Anything you can think of that's connected to the internet can be hacked."

"The labour shortage is in everything. It's a huge challenge. The projection is that in six or seven years, we'll need 40 percent more in the cybersecurity workforce worldwide. And that's much higher than any one country is graduating into this field."

Ali Ghorbani, dean, computer science faculty, University of New Brunswick; director, Canadian Institute for Cybersecurity

Cyberattacks evolved from extracting information and selling it to Ransomeware, which holds companies hostage. Photo by Getty Images

 

There is a concern that as the risks of cybersecurity spread and enter new realms, become more common and more disruptive where public institutions like hospitals and universities are targeted, along with retail giants where personal information is hijacked, company finances and reputations are at risk, and the same goes for public utilities, the illegal industry of malicious hacking is on the rise, and suddenly there's a dire shortage of skilled IT personnel both in-house and private companies to fill the niche of knowledgeable expertise countering cyberattacks.

They're costly, disruptive, debilitating to the operation being held for ransom, and as they increase, society will find itself stumbling toward a solution, particularly as the hackers proliferate and find profit in disabling personal computers sending people into a tizzy of frantic reaction, willing to pay what it takes to free up their systems of communication and in the process enabling the criminal community to spread its menacing presence in a free-for-all of captive-and-threat-piracy.

Yet, as pointed out by Ali Ghorbani, dean of computer science faculty, NBU, schools in Canada are failing to comprehend the necessity of stressing the vital importance of STEM subjects; science, technology, engineering and mathematics. From basic training to the eventual creation of cybersecurity recruits in the numbers required to be responsive to the burgeoning threats. Threats to which companies specializing in cybersecurity will be hard pressed to find ten percent more trained professionals annually for the foreseeable future.

In one of Canada's smaller provinces alone with a population of 800,000, a shortage already exists of up to 700 cybersecurity workers. Losses caused by cyber crime since 2017 have almost tripled, and currently tally around $6 billion annually worldwide. Canada is behind leading nations like Israel, the United Kingdom and the United States in cybersecurity, failing to acquire a reliable assurance on how many experts are in the field, lumping them in with IT professionals, many responsible in their firms to handle security along with other duties.

In the shortage of homegrown cybersecurity professionals, Canada is in competition with other countries in similar positions, where Canadian universities search for international students to fill gaps. At present up to nine in ten students enrolled in STEM programs in Canada at a master's or doctoral level arrive from elsewhere, a reflection that education in that sphere is higher-rated in other countries mere alert to the dangers of cybersecurity than is Canada.

Government, feels Professor Ghorbani, should be alert to the need for schools -- from elementary students forward -- teaching basic Internet safety. Financial incentives offered to companies to train employees in front line cybersecurity would be a start, instead of relying on the cybersecurity industry itself, overwhelmed by volumes it can barely serve adequately. Eight of ten successful hacks, points out Professor Ghorbani, result directly from human error; everyday individuals with poor computer security hygiene who have no idea what they're doing and failing to do.

"Cybersecurity is all about avoiding surprises and managing risks. That's what it comes down to in the end. But the surprises won't totally go away, partly because the bad guys are as smart and have more resources and time and are more dedicated to otheir cause, either monetary or political."

"So keeping them at bay is like keeping burglars from our homes."

"This problem has never been solved; there are many ways they can come in. But you build barriers against that."

"It's the same with cybersecurity."

Ali Ghorbani