Committee
Consult the user guide
For assistance, please contact us
Consult the user guide
For assistance, please contact us
Add search criteria
Results: 121 - 135 of 656
Feras Antoon
View Feras Antoon Profile
Feras Antoon
2021-02-05 14:20
I don't know off the top of my head, because we restructure once in a while. We use third party companies that give us advice. The structure is not complex, to be honest. It's just that we have many products, and the structure is built on the advice of third party professionals.
Feras Antoon
View Feras Antoon Profile
Feras Antoon
2021-02-05 14:20
We used to have one in Ireland many years ago, and now we've closed that.
View Jenny Kwan Profile
NDP (BC)
Thank you.
I have another quick question. We learned about VFS Global, which is a company that is now apparently doing contract work for the Canadian government, processing visa application information. Should we bring that work back in-house? I'm very worried about the people of Hong Kong.
I would like quick answers from everybody.
Eric Li
View Eric Li Profile
Eric Li
2021-01-27 19:09
Yes, definitely, because I heard that some information was leaked already. I cannot fact-check that, but I was told that some information was leaked because of.... Somebody went through that process. I'm really afraid this was not a single instance—it's probably quite common there.
View Kristina Michaud Profile
BQ (QC)
Thank you, Mr. Jones.
I will definitely be sharing this holiday gift guide. It seems very good, especially to inform our fellow citizens.
I'll now turn to small businesses, large companies and all those that could be threatened by cyber-attacks. We have seen small businesses that have been victims of ransom demands hesitate to consult lawyers, and pay to recover their property or personal data. Several articles in the media have indicated that small businesses have been victims of this.
Perhaps insurance companies could play a greater role and lawyers could be more knowledgeable in this regard. Turning to the federal government, what role can it play in this case?
We can indeed provide information, but are there government programs or legislative changes that could be put in place?
All of this is evolving very quickly, so what role could the federal government play in it?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 15:58
I think there are a few things.
Certainly, embarrassment and shame and fear about a potential loss of business are preventing organizations from reporting. In cybersecurity, unfortunately, we tend to punish the victim and not the perpetrator in our actions as citizens. We tend to shift away, and so there's an incentive for an organization to not admit when they're victims of a cybersecurity incident.
Then there's the second piece where there is embarrassment because the situation usually involves a mistake. Sometimes it's not because a patch has not been applied, but a lot of times it involves their having clicked on something they shouldn't have, and we have to begin to destigmatize that, and make people aware. You can get fooled. Some of the cybercriminal aspects...I believe it's only a matter of time before I'm going to click on something because some of them are so well done.
So if I know that is the case in my job, then nobody else should be feeling shame for it. I will probably be embarrassed when I click, but I'll get over it.
Lastly, I think some of the things we have seen include indications that insurance companies are telling organizations not to report, not to go to police, which makes this a very challenging thing to respond to, and also to get accurate statistics about, so we that know where to apply our resources on the specific threats. If we wanted to start to work on a particular version of cybercrime, without knowing what's hitting Canadians, where do we start?
Cybercrime is a global enterprise, unfortunately, but we should be focusing on what's targeting Canadians, and that's a challenge both for ourselves and the RCMP, because Canadian organizations just simply are not reporting for whatever reasons—ranging from embarrassment all the way to being advised not to report and pay the ransom to get back online.
View Kamal Khera Profile
Lib. (ON)
Thank you, Mr. Chair.
Thank you, Mr. Jones, for being here and for your report and all of the incredible work you do.
I'll pick up where my colleague Kristina left off. Your report noted that the vast majority of cyber incidents in Canada occurred because simple or basic elements of cybersecurity weren't followed. In other words, this was completely preventable. What steps can the cyber centre take to further increase awareness and compliance to ensure that Canadians are taking the appropriate steps to protect themselves? What can my constituents do? What is the responsibility of businesses, individuals and the government?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 16:15
That's an excellent question.
I don't want it to sound as if we're blaming Canadians for this, because it isn't easy, nor do I want to blame businesses. The problem with the technology world is that we've made it too hard for business to keep up to date, and a small business owner should not also have to be a firewall expert and a networking expert and a computer expert. There's a certain amount on business to take this on and make it easy for them to do.
But there are some simple things. Our small and medium-sized business guidance does give some simple steps that we've written to be accessible. I really did appreciate the comments about making the report accessible. We really are trying to write this for advice and guidance for all Canadians.
For individual Canadians, though, we do publish tips. We try to put them out such that it's one simple action to take to make yourself more secure. It can be, today I'm going to make a unique password for my bank. That immediately means if it's not being reused—you never use that password—you're raising the bar for your bank. Multi-factor authentication is harder. When you log in to your bank, for example, and you turn it on, it means somebody else can't log in as you. Even if they get your password, there's another step to verify. That, again, makes it hard, so the cybercriminal is going to move on. Essentially what we're talking about is putting hurdles in place. Why would a cybercriminal want to jump over them when they can move on to the next target, who doesn't have the same hurdle in place? That only works for individuals.
When we look at companies, especially large organizations, sometimes they're worth the effort, so they'll pay to invest to develop unique capabilities after them, and that's what we call “big game hunting”, which cybercriminals will target. That's where a large organization has the benefit of a larger budget and a larger cybersecurity organization so they can bring in a really qualified provider to help them.
View Emmanuella Lambropoulos Profile
Lib. (QC)
Yes, thank you, Mr. Chair.
Thank you very much, Mr. Jones, for being with us and answering our questions.
I have two questions for you.
With all the trade agreements we've signed over the past five years, more and more Canadian companies are doing business in global markets, as you know. It's great for the Canadian economy, it's convenient and it's good for business.
In the domestic cyber threat assessment, you indicated that the threat of online espionage is certainly much higher for Canadian companies doing business abroad or working directly with foreign state-owned companies.
You've already touched on the subject and given suggestions on how Canadians and businesses can protect themselves. I'd like to know if you have any advice for companies that have direct contact with actors who may be sponsored by foreign states that could threaten cybersecurity.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 17:02
Great. Thank you for that question. There are risks, and it depends on which country we're looking at. Specifically recall that we talked about state-owned enterprises and partnering with those.
This is where, depending on the Canadian business, there's quite a lot of advice out there. It's about understanding what the goal of the partnership agreement is. Is it a technology transfer agreement where it really is looking to transfer the technology to build, or is it about manufacturing and you're outsourcing something?
Knowing what's important to you as a company is the first step. What makes my information special? Is that intellectual property, some unique manufacturing process, tool technique design, or is is my customer base and how I interact with them, how I promote, etc.? By knowing what makes you special and unique, you know what you need to protect—that's the goal that you need to protect.
Then you go in with your eyes wide open. What's of interest to me? Is this a mutually beneficial relationship? When you start to assess this, it tells you where you need to put your cyber defences, which ultimately gets to what I'm responsible for. Are you positioning your company for a takeover? In this case you could expect to see a company looking to get information on your financials. Where are you particularly vulnerable, who are your suppliers, who's your legal counsel, etc.? You could see that in terms of a takeover bid.
If you're looking at a unique piece of technology, then you need to protect that. How am I protecting it and making sure that it isn't travelling, isn't going places where it walks out the door? Really think that through. You're thinking through the threats and then leveraging the advice that's out there.
View Peter Julian Profile
NDP (BC)
Thank you, Mr. Chair, and thank you, Minister Freeland, for being here today. We you hope you and your loved ones are safe and healthy during this pandemic.
Canadians are really struggling. A lot of them are struggling to keep a roof over their heads and a lot of them are trying just to keep their small businesses going.
It's very disturbing, then, to find out from journalists who have been investigating some of the distribution of COVID relief that dozens of large Canadian companies have been using COVID funds to issue dividends, engage in stock buybacks and even give executive bonuses [Technical difficulty—Editor]
Results: 121 - 135 of 656 | Page: 9 of 44

|<
<
5
6
7
8
9
10
11
12
13
14
>
>|
Export As: XML CSV RSS

For more data options, please see Open Data