Technicity West: A lot can be done to improve cybersecurity with few resources

Share post:

Canadian municipalities and school boards facing financial constraints can still do a lot, short of overhauling their infrastructure, to boost their cybersecurity, a Technicity West panel on cybersecurity in the public sector was told this month.

“It’s really important as a first line of defence that our staff are aware” of cybersecurity risks, said Brad Labrenz, chief security officer (CSO) of the city of Calgary. “The more awareness we can put forward, the better off we can respond to threats.”

Training is worth it, he said, noting that when the municipality runs its annual cybersecurity awareness program, the click rate on phishing tests drops.

Darin Young, chief information officer (CIO) of the city of Delta, B.C., said the municipality takes what he called a balanced approach, educating staff about the cyber landscape and the risks that go with it. Not only does the city have an annual compulsory training program, it runs phishing tests all year. Those who are “unsuccessful” on a test have to take a remedial training course. That got the click rate down “significantly over the past couple of years,” he added.

Another relatively inexpensive security booster was pointed out by Trevor Butler, general manager of information services and digital transformation for the city of Lethbridge, Alta.: Having a disaster recovery plan.

Cybersecurity awareness is also key to getting municipal councils or school boards to increase security funding, panelists agreed.

“We make sure our council and business units understand their own risks,” said Labrenz. “And what’s there to mitigate it. Ultimately that allows business unit owners to make risk decisions on their own. That is key to having them as a collaborative partner.”

“It’s a collaborative relationship with your business partners,” he added. “As they make decisions on how and where to spend their allocated budget, they obviously have a role to play in understanding their risks. If we’re good partners, we’re going to be very good at helping them understand what that risk is, and allowing them to make decisions. I don’t think we present risk as all-or-nothing. We often present them will different levels of risk and different levels of mitigation, and then allow the business owners to make decisions based on their budget.”

“When you have limited resources, the first thing you want to do is find out where the greatest risk is and apply those resources where it makes sense,” added Young.

Asked by panel moderator Richard Freeman, a portfolio manager of enterprise workflow solutions at Ricoh Canada, how staff can be empowered to make smart security decisions, Butler cautioned against having a punitive attitude toward those who make mistakes. “That’s not the world empowerment lives in,” he said.

“Naming and shaming” isn’t part of education, agreed Labrenz. Calgary has been hit twice by major cyber events — one was ransomware — and both times the staff that made mistakes reported their errors to the IT service desk. They wouldn’t have done that if they believed they would be “ostracized” for starting the incident, he said.

Peter Holowka, director of education technology at West Point Grey Academy, a Vancouver private school, noted the cybersecurity awareness of staff at the institution has gone up since the pandemic. “You can expect a level of sophistication [now],” he said.

Finally, asked about cyber insurance, several panelists said their municipality has it. But with premiums and deductibles going up and coverage going down, many are thinking of “self-insurance” — meaning taking the money being spent on insurance and putting it into improving IT.

The post Technicity West: A lot can be done to improve cybersecurity with few resources first appeared on IT World Canada.

Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, March 29, 2024 – PyPI repository shuts to stop malicious uploads, a plea to developers to stop creating apps with SQL...

This episode reports on a US$10 million reward for a ransomware gang, a new Linux version of a backdoor

Cyber Security Today, March 27, 2024 – A botnet exploits old routers, a new malware loader discovered, and more warnings about downloading code from...

This episode reports on a new network of 40,000 infected small and home office routers and other devices that are part of a criminal botnet

Cyber Security Today, March 25, 2024 – A suspected China threat actor going after unpatched F5 and ScreenConnet installations

This episode reports on a new campaign stealing email passwords ,the latest data breaches

A hacker’s view of the civic infrastructure: Hashtag Trending, the Weekend Edition for March 23rd, 2024

What does the civic infrastructure look like through the eyes of a hacker? The legendary general Sun Tzu in the Art of War said that in order to defeat your enemy, you must first understand your enemy. How do you do this? He said, “to know your enemy, you must become your enemy.” If we

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways