Fraud Management & Cybercrime , Geo-Specific , Leadership & Executive Communication

Canada East Summit: From Ransomware to Growing CISO Liability

Canadian Cybersecurity Leaders Brace for Changing Security Landscape and Regulations
Canada East Summit: From Ransomware to Growing CISO Liability
Ruth Promislow, partner, Bennett Jones; Deniz Hanley, Canada CISO and head of technology risk at Morgan Stanley, and CyberEdBoard member; Imran Ahmad, partner/head of Canadian technology, Norton Rose Fulbright; and Tom Field, SVP, editorial, ISMG

At the recent Cybersecurity Summit: Canada East, cybersecurity leaders, industry experts and top executives discussed the surge in ransomware attacks, the integration of AI into security frameworks and growing personal liability concerns for CISOs.

See Also: The CISO Playbook for Cloud Security

With an emphasis on practical strategies, the Information Security Media Group summit focused on the challenges and solutions that cybersecurity leaders need to prioritize in the coming years. Ransomware defense was a major topic.

Ransomware: Lessons From Recent Attacks

Speakers discussed the sharp rise in ransomware attacks over the past year in Canada and how CISOs need to prepare for a response. Aniket Bhardwaj, vice president of global incident response and cyberthreat operations at Charles River Associates, and CyberEdBoard member; Priya Mouli, head of information security and compliance at Sheridan College; and Eric Charleston, partner, national co-leader of cybersecurity at Borden Ladner Gervais, discussed recent high-profile ransomware incidents, including the LockBit attack on London Drugs and breaches affecting Ontario hospitals. These incidents have led to ransom demands exceeding CA$1 million - an increase of almost 150% in the last two years.

Bhardwaj, Mouli and Charleston advocated for a zero-trust architecture and the need for employee awareness and training. Organizations should adopt a proactive stance by conducting regular security audits and prepare incident response plans tailored to ransomware scenarios, the panelists said.

Deepfake Threats and Cyber Deception

In an interactive tabletop exercise, attendees participated in a simulated deepfake incident targeting a corporate executive. Led by Josh Iroko, managing consultant, Mandiant, Google Cloud; and Carl Montreuil, director, federal policing criminal operations - cybercrime, Royal Canadian Mounted Police, this exercise underscored the growing use of deepfake technology in cyber deception and financial fraud. Participants explored the complexities of identifying and responding to deepfakes, which have become an increasingly prevalent tool for cybercriminals.

Executive Liability in the Age of Accountability

The increasing personal liability for CISOs has made it imperative for security leaders to understand and mitigate their risks. Robert Knoblauch, former deputy CISO of Scotiabank; and Imran Ahmad, partner/head of Canadian technology at Norton Rose Fulbright, discussed the rising scrutiny on security executives and shared proactive measures that CISOs can take to protect themselves from personal liability, such as thorough documentation, timely breach disclosures and maintaining rigorous security protocols.

The discussion drew from high-profile cases, including those against executives at Uber and TSB, reinforcing the need for CISOs to ensure a heightened sense of accountability. Knoblauch and Ahmad brought attention to a key message: Leveraging cyber insurance and legal counsel is crucial for shielding security leaders from potential consequences. .

The summit also provided critical insights into the regulatory environment in Canada, with Ahmad; Ruth Promislow, partner at Bennett Jones; Deniz Hanley, Canada CISO and head of technology risk at Morgan Stanley, and CyberEdBoard member, leading discussions on the Critical Cyber Systems Protection Act and the Enhancing Digital Security and Trust Act. These new laws have introduced mandatory incident reporting requirements.

"Canada is feeling woefully behind the U.S. when it comes to critical infrastructure protection and cybersecurity legislation - they're playing catch-up," said Tom Field, senior vice president of editorial at ISMG.

The summit also addressed the vulnerabilities present in modern supply chains. Craig Peppard, CISO at ivari Canada; Fernando Montenegro, senior principal analyst at Omdia; and June Leung, director of identity and access management at Mackenzie Investments, shared insights into securing supply chains against zero-day vulnerabilities. They discussed the importance of conducting rigorous vendor risk assessments, especially in light of recent supply chain breaches such as the MOVEit Transfer and Suncor Energy incidents. The panelists advised attendees to implement advanced security controls and continuous monitoring systems to safeguard critical assets.

"AI use cases are developing. But the good guys aren't putting gen AI to work nearly as quickly or as efficiently as the bad guys. This is a serious red flag," Field said.

Key Takeaways

  • AI is transforming both defense and attack strategies, making it critical for organizations to refine their AI tools while addressing associated risks.
  • CISOs face increasing personal liability, and adopting legal safeguards and maintaining proactive documentation are crucial to protecting themselves and their organizations.
  • Compliance with Canada's new cybersecurity regulations is vital, and organizations must be prepared to meet mandatory reporting requirements.

Join us at ISMG's Virtual Government Cybersecurity Summit Oct. 29-30, 2024. Discover cutting-edge strategies and insights from industry experts to safeguard your organization against evolving cyberthreats.


About the Author

Pooja Tikekar

Pooja Tikekar

Project Manager - Global Copy Desk, ISMG

Tikekar has more than eight years of experience in the online media and publishing industry. Her focus areas include writing, time-bound editing, and ezine anchoring and production. Prior to ISMG, she served as the sub-editor for CISO MAG by EC-Council, writing news features on cybersecurity trends and interviewing subject matter experts.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.