Why Canadian organizations need a layered cyber “stack” now

As we venture into Cybersecurity Awareness Month, it’s worth taking a look at the state of our industry.  We’re seeing fewer businesses report cyber incidents than in recent years, but the ones that are reported, are more disruptive than ever. Costs are rising too; recovering from attacks is now costing our economy billions as they’re better targeted and more complex to fix. The average breach costs in Canada are among the world’s highest, as ransomware attacks continue to rise. The takeaway: the risks are growing, and your defences must scale to match the threat.   

Our great partners at The Canadian Centre for Cyber Security (CCCS) have established guidelines on the Top IT Security Actions and Baseline Controls. The best way to think of these controls are as layers in a larger stack. Each layer reinforces the other and provides a more robust approach for Canadian organizations to protect themselves against cyber attacks. A layered approach forces attackers to clear several hurdles while triggering multiple alarms along the way. Using the CCCS guidelines, we can craft a pragmatic layered approach to security.  

Here is an example that aligns with CCCS guidelines and Canadian privacy and residency expectations:   

1. Identity and access management: multi factor authentication everywhere, least privilege access, conditional access and privileged access management.  
2. Endpoint protection and hardening: XDR, rapid patching and application controls where feasible.  
3. Email security: anti-phishing and protection against email domain spoofing, using protocols such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-Based Message Authentication Reporting and Conformance (DMARC).  
4. DNS filtering using a Canadian-hosted DNS resolver to protect environment users from accidentally hitting a malicious domain on the internet. 
5. Data protection and resilience with encryption, classification, data loss prevention and backups. 
6. Monitoring and response: centralized logging, SIEM/SOAR capabilities and 24/7 detection via the Canadian Security Operation Centre or in-house operations.
7. Third party governance: vendor risks reviews, data residency requirements and privacy impact/transfer assessments for cross border transfers (required in Québec). 

Of course, great technology is only as good as the people behind the keyboard. The most important part of your layered security stack are the humans, your first line of defence.  Implementing rigorous cybersecurity training, testing and simulations with your entire team can create a cybersecurity culture in your organization and even stop attacks before they hit your defence system.  

Here at CIRA, we’re kicking off Cybersecurity Awareness Month by heading to SecTor in Toronto next week. If you’re interested in talking more about how to implement your cyber stack—one that leverages Canadian technology, infrastructure and data residency—come and see us at booth 1011 to find out how CIRA can help.