Expert calls for a deeper understanding of cybersecurity among executives
KPMG in Canada and Microsoft Canada recently announced the launch of its initiative to provide free hands-on training to help businesses and governments build cybersecurity protection.
Through the Operational Risk Skills Development Centre, the two companies are jointly investing $1.7M over three years.
During its first phase, the centre will provide courses on cybersecurity for small and medium-sized business leaders and board members, and generative AI for C-Suite and board members.
The training will be delivered in French, with the potential of more than 11,000 executives benefitting from training, according to the companies.
''Through this collaboration with Microsoft, we aim to strengthen cybersecurity and make generative AI a transformative opportunity, instead of a threat,'' says Benoit Lacoste Bienvenue, regional managing partner for the Québec region, KPMG in Canada. ''Through our innovation in these areas, we're taking concrete actions to advance security and have a useful and positive impact for organizations in Quebec.''
Trend Micro previously reported that, in the first half of 2023, it blocked more than 85.6 billion cybersecurity threats globally, consisting of email threats, malicious files and malicious URLs. That marked a 27 per cent year-over-year increase, according to the report.
Cybersecurity knowledge gap among executives
The training centre comes at a time of heightened need for executives to really understand cybersecurity, says Guillaume Clement, partner, KPMG Cybersecurity Services, in talking with Canadian HR Reporter.
This is because there’s always been a knowledge gap among business leaders when it comes to cybersecurity, and that gap is only widening with new technologies emerging, he says.
“This gap is not reducing. It's still there, and even increasing because of the complexity of our IT infrastructure.
Businesses, he says, automated parts of their operation and added the cloud dimension and other technological advancements to their IT infrastructure, but kept the legacy systems or the way of doing things.
In this case, “you're exchanging information more and more with clients, with partners, with providers, and your attack surface is increasing, your complexity is increasing.”
Generally, workers in their first six months with an organization (about 20 per cent) are twice as likely as veteran employees (about 10 per cent) to click on phishing emails compared to their veteran counterparts, demonstrating increased susceptibility to cyber threats, according to a previous report.
Now, executives need training that’s up-to-date for them to be able to deal with the current issues in the IT field, says Clement.
“Training has always been the key for many things, but because [the IT infrastructure is] changing so fast, the training needs to be adapted also. And we need to find a way to make sure that we adapt and we update the training material,” he says.
By early next year, courses at the Operational Risk Skills Development Centre will also be offered in English. The second phase of the program will also include more technical trainings, says Clement.
A deeper understanding of cybersecurity
Clement also calls on executives to shift gears when it comes to the way they approach cybersecurity.
“The upper management needs to be a bit more interested, but not [just] on the surface” when it comes to cybersecurity, he says.
He tells executives to “master a bit more of the risk, understand a bit more of the risk and be more interested when they're employees bring up [cybersecurity] issues and challenges”.
In the second half of 2022, only 2.1 per cent of all known business email compromise (BEC) attacks were reported to employers, with a massive 98 per cent left unreported, according to a previous report. Employees did not report malicious emails because of various reasons, including believing that someone else will handle it and the fear that they could be reporting emails that aren't malicious attacks.
Clement also notes “for the first time in history”, cybersecurity budgets cannot be cut. He even urges employers to increase it, if possible.
“There’s a lot of easy preys, unfortunately, in the Canadian market. We’re a little bit behind [when it comes to cybersecurity]. Even if we did a big jump [and] there’s a lot of improvements that happened across the board, we still see a lot of weaknesses, big vulnerabilities that were not addressed.”
He hopes the training offered via the newly launched centre can spark people’s interest in learning more about cybersecurity.
