The Canada East Virtual Cybersecurity Summit took place on 28 and 29 May 2020. The event was organized by Data Connectors, the largest cybersecurity community in North America and Canada.
The summit primarily focused on Toronto, Ottawa and Montreal and had an expert panel consisting of senior executives from the cybersecurity industry. The most notable among them were Fariba Rawhani, Chief Information Officer (CIO) of Teranet Inc., and Madeleyne Vivanco, Board Director of the CIO Association of Canada.
Several renowned cybersecurity companies like CI Security, BlueVoyant, WhiteSource and Quest also took part in the event.
Canada East Virtual Cybersecurity Summit – event details
The Canada East Cybersecurity Summit mainly focused on the latest trends and challenges faced within the global and Canadian cybersecurity industry. The summit speakers also provided useful solutions for tackling current and future issues in the domain.
The event was a great platform to gain insights from experienced players in the industry such as directors and CIOs of cybersecurity providers. They enhanced the value of the lectures with examples and case studies from their own experiences.
Primary speakers in the Canada East Virtual Cybersecurity Summit
There were many notable speakers in the cybersecurity summit including Michael Landewe, Co-founder of AVANAN, Denis Ryan, Senior Director of Proofpoint, and Greg Jackman, Canadian Regional Director of Forescout.
The keynote speaker of the event was Vern Crowley, Detective Sergeant of the Cyber-crime Investigation Team in the Ontario Provincial Police.
What were the key takeaways from the event?
The summit speakers focused on the latest cybersecurity challenges like BEC. They discussed possible solutions and best practices to avoid them. Some speakers also stressed the importance of cyber hygiene and outlined appropriate guidelines on how to achieve it.
Here are three major takeaways from Canada East Virtual Cybersecurity Summit 2020.
There are primarily two types of email fraud: Business Email Compromise (BEC) and Email Account Compromise (EAC).
- In BEC attacks, the criminal usually impersonates a senior member of a company and may ask you to reveal sensitive information. While the email ID used might resemble a real account, it will be a duplicate or a spoof account.
- In EAC attacks, a cyber criminal gains access to an existing business account either by deceiving the account owner or hacking it. They then use the business email ID to retrieve sensitive data from inside a company.
Email fraud continues to be one of the most common cyber crimes and hardly any company seems to be completely immune from it. According to the Canadian Centre for Cyber Security, BEC/EAC scams have cost businesses more than CAD 26 billion since 2016.
One way of preventing these scams is to employ a competent team of qualified cybersecurity professionals who can build an efficient system to spot irregularities in email addresses. The best practices to avoid these scams also include minimizing the number of people with access to sensitive data and activating multiple authentication levels for individual email accounts.
(The session on EAC/BEC was led by Denis Ryan, Senior Director of Email Fraud for Proofpoint Inc.)
Identity and Access Management
Identity and Access Management (IAM) is all about defining the roles and points of access to essential data for employees in any company. The core principle of IAM is to ensure that one individual has only one digital identity irrespective of the number of accounts or roles they handle.
Yassir Abousselham, Chief Security Officer for Okta (a global IAM provider), defines IAM as, “Granting access to the enterprise assets to the right users in the right context, and in a timely fashion.”
Monitoring a single digital identity for multiple account entries or exits by an individual can be problematic. As more and more employees use multiple devices to log in to their enterprise accounts, managing their identities and accesses can become even more complicated.
Fortunately, there are many IAM tools and technologies, such as password management software or security-policy applications, available to companies. These tools can also help companies easily adjust to the virtual work environments we are becoming accustomed to today.
(The session on IAM was led by Matthew Marji, Senior Product Security Engineer for Auth0, an identity platform for application developers.)
Cyber hygiene encompasses all the guidelines and best practices that can help you maintain your system’s health and ensure online security. Cyber hygiene practices can ensure the efficiency and safety of your company data and systems. These guidelines often form the crux of a cybersecurity team’s efforts to ward off common cyber threats like phishing and malware.
Here are a few easy ways to ensure cyber hygiene in any business organization.
- Regularly update your computer systems and software.
- Don’t keep sensitive data in your cloud storage. Whenever possible, make multiple copies of important files and save them on a physical storage drive.
- Make an updated list of all the software, hardware and online applications on your system.
- Make it a point to add complex passwords for all your accounts and use an encrypted password manager to manage multiple passwords.
(The session on cyber hygiene was led by Greg Jackman, Regional Director for Canada at Forescout.)
In addition to these cyber-concepts, the event also covered the risks associated with the Internet of Things (IoT) and risk management in a cybersecurity context.
Cybersecurity conferences are excellent places to network with leading players in the cybersecurity industry and update yourself with the latest industry trends. The lectures and seminars in these events also help you gain relevant knowledge and ideas that can help progress your career in cybersecurity.
Do you want to learn more about encryption techniques for preventing EAC/BEC scams? The Diploma in Cybersecurity Specialist Co-op program from the Toronto School of Management (TSoM) can be a great way to enhance your knowledge.
The program curriculum consists of industry relevant modules, such as Concepts and Practical Implication of Encryption, that cover different encryption techniques to secure your computer.