Organizations still fall short on cyber security, Canadian breach response expert tells privacy conference

There’s a reason serious criminals are called ‘organized crime:’ Because they’re well-organized.

Here’s how well: According to Ed Dubrovsky, managing director at Cytelligence, a large Canadian breach response company, some groups have “mind-blowing” capabilities, including running analytics against merged lists of stolen personal data.

Ed Dubrovsky, Cytelligence

Unfortunately, he also told a privacy conference Tuesday, despite years of warnings, organizations are still sloppy at cyber security.

“I strongly believe in fundamentals,” he told the annual Privacy and Data Security Compliance Forum in Toronto put on by the Canadian Institute. “You need technologies — and policies and process and governance that address the fundamentals” of security.

People need to be trained in security awareness, he said, “but not with a PowerPoint [online presentation] but what is relevant to what is happening out there so they understand. If you use PowerPoint, trust me employees are clicking next, next, next. It has to be effective, relevant.”

An organization needs a breach response plan tailored to its risks and threats, he added. It has to understand not only where corporate data is stored, but how to classify it for protection.

“I talk to many SMBs on a regular basis and tell them they need to do all these things, and they go, ‘Why, nobody cares about my data.’ And my question to them is, ‘Do you care about your data? ... Your data means a lot to you.’”

In an interview Dubrovsky said the fundamental mistake organizations make is focusing on the company’s operations — meaning getting IT projects out the door — versus security. Instead they should want to get applications working and secure.

“Security still doesn’t have the respect and a seat at the table, the way it should have,” he complained. Why? Because — as many other experts have said — many infosec pros still can’t explain their needs to management in terms of risk reduction. “We’ve got to talk their language.

“This is changing for the better,” he admitted, “but when I talk to IT people they still say talking to the C-suite is still very challenging.”

If you want to buy a security product, he advised, tell management it lowers risk of a breach which could lower revenue or damage the company’s brand. “These elements need to be communicated clearly, so you get, ‘Yes, go ahead.’”

As for awareness training, it would help if employees got the message from their parents or in primary school. Otherwise, he said, organizations have to make sure trainers are experienced. “I think it has to come from individuals that actually experience the results of cyber attacks, how it gets into systems,” he said.

Trainers also have to remember everyone learns differently. “And it has to have a little bit of fun. Gamification goes a long way.”


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
