Companies with digital assets have faced cybersecurity threats since the dawn of the internet, but mitigation may be closer than they think. Through cross-sector collaboration, Canadian companies can find success in fending off even the most sophisticated of attackers by leveraging peer-to-peer information-sharing and collaboration through the Canadian Cyber Threat Exchange (CCTX).

As industries diversify and cross-pollinate, they collect digital assets that can carry value on the black market. Some experts believe effective collaboration can mitigate the chances of a breach, or the damage it could cause.

“Businesses have become more diversified, so we've now got telecom companies that run retail stores, or retail stores that provide financial services, or hydro companies that provide internet services,” says Bob Gordon, Executive Director of the CCTX. “Their vulnerability to attack changes at the same time. Attackers won't need to use a certain tool exclusively against a bank; they'll be able to use it across any sector. So there's real profit in different industries learning what they're mutually experiencing from a cyber-threat perspective.”

Evolving malware has victimized well-known firms for years, and the current target-rich environment in cyberspace can affect anyone.  A worrisome trend in ransomware has emerged, as exhibited by a variant of the Petya malicious program in 2017 that was designed to destroy data rather than extort money. Attacks can come from anyone, with any purpose— be it a disgruntled former employee, an angry customer, or someone with rogue intentions.

Working in tandem

Companies have started to recognize that working with others is not a competitive disadvantage because the security risks are collective, says Gordon. Sharing information allows participating firms to look at attacks “through the front door” as a blatant cyberattack, or as an unauthorized presence within the network.

For example, a larger enterprise could share information that small and medium sized businesses (SMBs) may find pertinent for their own defence, or vice versa. Either way, executives and business owners would be aware of the risks, vulnerabilities, and threats, having a greater understanding of whether they might need to bolster their defences, which could include turning to an external provider for help.

“The digital economy we now live in depends on the public having confidence in the system,” says Gordon. “It doesn't matter what company you are or how big you are. If people start to lose confidence in the system, then all companies suffer.”

Gathering intelligence

Humza Teherany, President of the CIO Association of Canada, says that increasing industry digitization puts more sensitive data in play. He believes the data leaks associated with the high-profile attacks have been a wake-up call for companies.

“It’s important to have those conversations in a friendly environment, behind closed doors, and, naturally, without divulging any corporate secrets,” says Teherany. “It’s just talking about the trends, because they change every year. The basic tenet of what cyber attackers are going for doesn't change, but how they get there does, and I think having that peer group to talk through helps immensely, especially in the Canadian marketplace.”

He acknowledges seeing more Canadian companies including IT and cybersecurity risks with overall corporate risk, putting it front and centre in day-to-day operations. Some have also started to hire Chief Information Security Officers.

Given the significant increase in cyberattacks worldwide avnd increasing maturity of new malicious programs every day, preparing for the cyber threat du jour can be challenging for businesses to navigate. The CCTX supports the sharing and analytics of cyber threat information across all sectors and serves as a collaboration hub for cyber professionals to exchange best practices, techniques and insights to mitigate current cyber security issues.