Ottawa introduces National Cyber Security Strategy to protect businesses, workers

As cyber threats continue to evolve and pose risks to Canadian businesses and employees, the federal government has introduced a new National Cyber Security Strategy aimed at strengthening the country’s digital defenses.

“Canada must continue to be a leader in cyber security, especially in the face of persistent and ongoing cyber threats,” says David McGuinty, minister of public safety. “The new National Cyber Security Strategy demonstrates the government of Canada’s commitment to a whole-of-society and agile approach to protecting our nation’s cyber security for citizens across our great country, for Canadian businesses and for essential cross-border services and critical infrastructure.”

The new NCSS – called Securing Canada’s Digital Future – focuses on a whole-of-society approach to cyber security. It outlines Canada’s long-term plan to improve partnerships across all levels of government, law enforcement, industry, Indigenous communities, academia and international allies to reduce critical infrastructure disruptions to government services. 

It will facilitate faster information sharing and ensure that all partners are taking the necessary measures to prevent cyber incidents, according to the federal government. Also, it will fund initiatives to improve the nation’s cyber security, including awareness and education programs for children and youth to ensure they can fully participate in a digital age, while being resilient and prepared.

“We must work together and protect Canadians and Canadian businesses, and prevent critical infrastructure disruptions to services that our citizens rely on every single day,” says McGuinty.

The adoption of generative artificial intelligence (AI) in Canadian workplaces has more than doubled in the past year, but many Canadians may be risking sensitive data in the process, according to a previous KPMG report.

The growing cyber threat to Canadian workplaces

According to Public Safety Canada, cyber threats have become a leading risk to Canada’s economy, with businesses of all sizes vulnerable to attacks. Malicious cyber actors are targeting critical services, including healthcare and education, while cybercriminals steal private data and disrupt operations. The government branch also notes that state-sponsored cyber threats have also increased, particularly in response to Canada’s support for Ukraine and its membership in the North Atlantic Treaty Organization (NATO).

Public Safety Canada warns that many Canadian businesses lack the resources to defend against sophisticated cyberattacks. The financial and reputational damage from data breaches, ransomware, and cyber espionage can be severe.

“Canadian businesses of all sizes must embrace a cultural shift that prioritizes secure-by-design products, and a mindset of being ‘first-to-secure’ rather than only being ‘first-to-market,’ according to the strategy. “Only in this way can the security of the digital ecosystem be improved.”

Cyber threats are once again the top concern for Canadian businesses, according to a survey.

Key elements of the National Cyber Security Strategy

The strategy is based on three core priorities:

• Protecting Canadian businesses from cyber threats
  • Strengthening public-private collaboration to improve cyber resilience.
  • Establishing the Canadian Cyber Defence Collective (CCDC), a national engagement body to coordinate cybersecurity efforts.
  • Expanding cyber awareness programs such as “Get Cyber Safe” to educate employees.
• Developing Canada’s cybersecurity workforce
  • Expanding cybersecurity training and workforce development programs.
  • Supporting the Cybersecurity Attribution Data Centre (CADC) at the University of New Brunswick to train AI-driven cybersecurity professionals.
  • Encouraging businesses to adopt secure-by-design technologies through incentives and regulatory measures.
• Enhancing cybercrime detection and response
  • Increasing the capacity of the Communications Security Establishment (CSE) and Royal Canadian Mounted Police (RCMP) to counter cyber threats.
  • Partnering with internet service providers (ISPs) to block malicious online activity.
  • Strengthening law enforcement coordination to investigate and disrupt cybercrime.

Previously, the federal government also launched the Canadian Artificial Intelligence Safety Institute (CAISI) to bolster Canada’s capacity to address AI safety risks.

How can we improve cyber security?

Here are some steps that can help employers eliminate vulnerabilities from systems and networks, according to Coursera:

1. Implement a robust cybersecurity strategy.
2. Update and enforce security policies.
3. Install security updates and backup data. 
4. Use strong passwords and multi-factor authentication.
5. Collaborate with the IT department to prevent attacks.
6. Conduct regular cybersecurity audits.
7. Control access to sensitive information.
8. Monitor third-party users and applications.
9. Embrace IT training and education.

“Effective cybersecurity practices are important because they can help your company prevent cybercrime such as identity theft, reputation damage, and the interruption of daily business,” says Coursera.