Cyber Security Symposium paints a realistic picture of 21st century challenge
A sell-out crowd attended the recent Cyber Security Symposium held at Sheridan’s Hazel McCallion Campus on May 6. The audience, made up primarily of representatives from a wide range of businesses including UPS, Morguard, HSBC, Canon, IBM and Sony , was there to learn more about the threat posed by the ever increasing incidence of cyber crime, and what steps can be taken to prevent, manage and contain the risks to their organizations.
Presented by Sheridan in partnership with Scalar Decisions, the event was also sponsored by Microsoft Canada, NSERC, Kuehne + Nagel, the Mississauga Board of Trade and Inline Communications.
Dr. Victor Ralevic, professor and founder of Sheridan’s award-winning Bachelor of Information Sciences – Information Systems Security, kicked off the event with an overview of the global information systems ecosystem and the role of cyber security. He described the impact of what he referred to as ‘the Internet of Everything’: “In this word of pervasive computing and extreme interconnectedness, anything connected to a network is vulnerable to attack – even something as innocuous as a baby monitor.”
Ralevic outlined some of the leading information systems security threats, including unauthorized access to information, acceptance of false data, unauthorized use of part of a system, and denial of service. Predicting such security breaches is next to impossible, and therefore preventing them is an imperfect science, he said. “Detection, through the use of intrusion detection systems, and response, including post-attack forensics, audit trails and logs, and data recovery from back-ups, are the essential elements of security.”
David Peterson, Chief Technology Officer for Microsoft Canada, described the steps that Microsoft is taking to protect its data and that of its global clients – Microsoft is one of the largest cloud providers in the world. According to Peterson, the average cost of a data breach to a company is $3.5 million, but the damage to brand reputation can be exponentially more severe. He outlined the steps that Microsoft takes to protect enterprise information on both business and personal devices, based on a three-part approach to protect, detect and respond.
Microsoft is also heavily invested in a proactive approach to cyber crime, and has established a digital crimes center that collaborates with a global community of experts to proactively fight cyber criminal activity.
Roger Singh, Chief Technology Officer of Scalar Decisions, discussed the results of a recent survey the company conducted to measure the cyber security readiness of Canadian organizations. The company surveyed over 600 IT and IT security practitioners from a variety of industries. Of those surveyed, only 41% indicated that they felt they were winning the cyber security war. More alarmingly, organizations reported an average of 34 cyber attacks for the year, and 75% noted an increased sophistication to the attacks, along with a heightened impact.
Following a simultaneous series of breakout sessions focused on different aspects of cyber security, professor Nicholas Johnston capped off the event by presenting a summary of cyber security best practices. As with the keynote speakers, a prevailing theme of inevitability when it comes to security breaches informed his presentation. How a company prepares for and responds to such breaches can make a huge difference in its continued viability, according to Johnston. A first step is to establish a security baseline, centralize that data and monitor it regularly.
Johnston also outlined some of the internal and external sources of intelligence that can alert your IT staff to a breach, including vulnerability assessments, penetration tests and code audits (internal); and threat intelligence feeds, news, and social media (external).
The overriding message from the symposium’s presenters is that cyber security is the biggest challenge of our digital age. A lack of security awareness and education is contributing to the problem, according to Dr. Ralevic, who proposed the following measures as potential ways to improve cyber security:
- Privacy and security by design
- Rebuilding the Internet with end-to-end encryption and stricter access control
- Separation of devices used for business related tasks vs private usage
- Avoiding data aggregation
- Developing artificial intelligence systems and applications with some ability of self-correction in order to minimize human error
Delegates at the Sheridan Cyber Security Symposium at HMC