Skip to content

F1TYM1

InfoSec News

  • Fity Feeds
  • Fity Blog
  • About
  • Other

Malware / Ransomware

How Hash-Based Safe Browsing Works in Google Chrome
US treasury whips up sanctions for crypto mixer Tornado Cash
Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook
New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'
New Woody RAT Malware Being Used to Target Russian Organizations
7-Eleven Stores In Denmark Closed Due To a Cyberattack
Great, Now the Apple App Store Has Malware Too
Meta Disrupted Two Cyberespionage Operations in South Asia
US, Australian Cybersecurity Agencies Publish List of 2021's Top Malware
Evolution of security: the story of the ILOVEYOU worm | Kaspersky official blog
Hackers Using SHARPEXT Browser Malware to Spy on Gmail and Aol Users
A Ransomware Explosion Fosters Thriving Dark Web Ecosystem
Fresh RapperBot Malware Variant Brute-Forces Its Way Into SSH Servers
Deepfakes Grow in Sophistication, Cyberattacks Rise Following Ukraine War
10 Malicious Code Packages Slither into PyPI Registry
US aims to step up security for federal datacenters: Both physical and cyber
The evolution of security: the story of Code Red | Kaspersky official blog
Sonatype shines light on typosquatting ransomware threat in PyPI
How cybercrims embrace messaging apps to spread malware, communicate
Defence against the dark arts of ransomware
One-third of organizations experience weekly ransomware attacks
Top malware strains observed in 2021
Chinese hackers use new Windows malware to backdoor govt, defense orgs
GitHub Zero-Day: From 35K Repos Compromised to False Alarm
SafeBreach Coverage for US-CERT Alert (AA22-216A)- Top Malware Strains in 2021
Why is device protection for kids valuable?
Phishing attack adds pressure with countdown clock
Targeted attack on industrial enterprises and public institutions
Andariel deploys DTrack and Maui ransomware
Researchers uncover sophisticated global Chinese hacking operation
7-Eleven Stores In Denmark Closed Due To a Cyberattack
APT34 (aka OilRig, aka Helix Kitten) attacks Lebanon government entities with MailDropper implants
Strengthen Android privacy and security via Telsy free secure DNS over TLS
Diving into YarGen
Strengthen Android privacy and security via Telsy free secure DNS over TLS
APT34 (aka OilRig, aka Helix Kitten) attacks Lebanon government entities with MailDropper implants
Facebook Removes Accounts Used to Infect Thousands With Malware
New Warning on Ryuk Ransomware
Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update

Key Considerations for Canada’s Forthcoming National Cyber Security Strategy

On December 16, Prime Minister Justin Trudeau released mandate letters tasking his ministers of national defense, foreign affairs, public safety, and industry to develop a new “National Cyber Security Strategy.” He specifically highlighted the need for the strategy to “articulate Canada’s long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace,” as quoted by Global News.

The directive did not appear out of nowhere. Canada’s intelligence community has issued several key warnings of cyberattacks in the past few years. Back on March 19, 2020, for example, the Communications Security Establishment (CSE) released an alert revealing that cyber criminals and nation-state actors were actively attempting to exploit fears surrounding the COVID-19 pandemic to target Canadian healthcare organizations with attack attempts and data theft. Most recently, CSE released a report in which it revealed that more than half of Canada’s known ransomware victims for 2021 were critical infrastructure providers. The agency also confirmed that it had used its “legal authority to conduct cyber operations to disrupt foreign-based threats to Canada, including cybercriminals,” per CBC News.

Streamlining Cyber Security Strategy

It is great to see the initiative here to build a National Cyber Security Strategy in Canada. However, the key here will be how swiftly can Trudeau’s ministers develop and implement that strategy. Cybersecurity threats are evolving quickly, and as we have seen most recently with Log4J, sometimes they need to be addressed very quickly. It will be important for this National Cyber Security Strategy to include things that ensure a well-built foundation of best practices.

The good thing is that Canada does not need to reinvent the wheel. Why would they when they can look to best practices such as the Center for Internet Security’s Critical Security Controls (CIS Controls) as a basis for their work? Version 8 of the CIS Controls even breaks down those security measures into three Implementation Groups that organizations can use to achieve increasingly mature levels of cyber security hygiene.

How Can the CIS Controls Drive Cyber Security in Canada?

If we take a quick look at the CIS Controls, we see that a key building block is understanding which devices resources need protection. That’s why the first two CIS Controls emphasize the importance of building an inventory of enterprise assets and of software assets. These resources include standard IT assets that most organizations have deployed on the production side of things. But they can also include Operational Technology (OT) and other specialized equipment used by critical infrastructure. With more remotely connected users than ever, it also involves a barrage of Internet of Things (IoT) devices that could be anywhere in the country. Those devices could be anywhere in the world accessing services within Canada.

So, in addition to the technical considerations I’ve already touched upon, policy makers must ensure that this National Cyber Security Strategy considers foreign and domestic policy as the evolution of the Internet continues to shrink our borders.

Some Important Questions to Consider

Once that high-level strategy is created, the Canadian government must answer several questions. How does this National Cyber Security Strategy translate into technical controls that can be widely implemented? And how can it help to secure funding that critical infrastructure providers and other organizations can use to protect identified critical assets?

If we look at sectors such as healthcare, manufacturing, and energy, we see that many of those responsible for securing their devices are underfunded and understaffed. So, will this strategy include measures to train more cybersecurity professionals? Implement mandates for compliance to security requirements? Provide funding to organizations in these critical sectors to boost their cyber security posture? And will the CSE provide free assessments? Those questions remain to be answered. We’ll need to wait until the National Cyber Security Strategy is released.

Another aspect to consider is that if there is a new compliance requirement, the strategy will need to include provisions to ensure that the compliance does not merely consist of checking off a box. The controls that are implemented need to provide actual value to improving the risk posture of individuals, organizations, and the country overall.

Finally, Canada should not limit its training to cybersecurity professionals only. On the contrary, it can also focus on bringing better cybersecurity awareness to the greater population of Canada. This can be enacted through universal cybersecurity awareness training that begins in primary education and reinforces basic cyber hygiene throughout the primary and secondary school curriculum. Empowering individual citizens to know what to look for and how to better use their connected services is another way of providing greater cybersecurity for the entire country.

Looking Forward

Global News noted that there is no deadline for the delivery of Canada’s new National Cyber Security Strategy. Trudeau did tell his ministers that he expects to receive regular and public updates on their progress, however. We at the State of Security will keep you informed about those updates and what they mean for cybersecurity in Canada going forward.

Related

Posted on 2022-01-06Author BlogCategories Fity Feeds

Post navigation

Previous Previous post: Constant compliance is security theater
Next Next post: Network Security Market Size 2021 Analysis by Top Key Companies – Energy Siren
Proudly powered by WordPress