Committee
Consult the user guide
For assistance, please contact us
Consult the user guide
For assistance, please contact us
Add search criteria
Results: 91 - 105 of 139
View Sébastien Lemire Profile
BQ (QC)
My last question is for the representative of the Royal Canadian Mounted Police.
Would the requirement for companies to provide much stronger accountability help you with your work, if the legislation were amended, for example?
Eric Slinn
View Eric Slinn Profile
Eric Slinn
2020-05-20 15:58
It's a difficult question to answer. A lot of companies want to protect the integrity of their systems and all that kind of stuff, so they're apprehensive about coming forward sometimes.
View Glen Motz Profile
CPC (AB)
Thank you, Madam Chair.
Mr. Masse, I appreciate that line of questioning. I think it's certainly an issue that we need to get some resolution on in the very near future.
I want to go back to Mr. Jones just for a quick minute before I connect with my friends from the RCMP.
I appreciate your comments that you were involved in this latest collaboration on the vaccine. I'm curious; are these the types of partnerships, the kinds of things we would be worried about in terms of stealing intellectual property and espionage?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 16:06
When we are working with any government department, it is primarily so that they are aware of the possible risks that come with any sort of activity online. The one truism is that no matter what technology you use, it always comes with risks.
We really do try to work proactively to figure out and understand what's happening, so that we can, first of all, understand the activity and make sure our defences are aimed toward that, but also give the advice that we would have so that they can take action to protect themselves.
View Glen Motz Profile
CPC (AB)
During this pandemic, have you invoked a request for proactive measures to stop or mitigate cyber-fraud in Canada?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 16:07
We work with partners around the world, including commercial partners. If we do see, for example, the Government of Canada's websites being impersonated, we ask for those to be taken down.
We'd also work with our law enforcement partners if we thought there was a criminality element to that, of course, and we collaborate closely with the cybercrime coordination unit under the RCMP.
View Glen Motz Profile
CPC (AB)
In your assessment, based on the information you guys are gathering and what you're seeing through this COVID, are doctors, nurses or front-line health care workers a top target of fraud or cyber-attacks during this pandemic?
Guy Paul Larocque
View Guy Paul Larocque Profile
Guy Paul Larocque
2020-05-20 16:10
I'm not sure if we know specifically at the Anti-Fraud Centre if a specific group of people in the population is being targeted. What we see is that fraud typically targets many people. Fraud doesn't have any discrimination. Everybody can be a potential victim at one point in time.
View Tako Van Popta Profile
CPC (BC)
Thank you very much.
My first question will be for Mr. Marchand.
Thank you for your testimony. Thank you for educating us on some of these important statistics.
You told us about increased identity theft associated with so many Canadians who are teleworking, as we are today. I think you mentioned a 600% increase in phishing. Again, thank you for that information. What do we, as legislators, do with that? Do you have any specific advice for what we as legislators can do to help you help Canadians better protect themselves?
Simon Marchand
View Simon Marchand Profile
Simon Marchand
2020-05-20 16:16
Thank you for the question.
Perhaps we could look at two tools in the short term. The goal is to provide tools to companies that face these risks. Now that the fraudsters have access to the information, how can we equip banks and telecommunications companies with tools to prevent the fraudsters from successfully attacking them?
The STIR/SHAKEN standards are included in these tools. Of course, in my view, because the Americans will implement these standards quickly, we can expect fraudsters to come north of the border and to take advantage of a gap in Canada's legislation and regulations.
In my opinion, the STIR/SHAKEN standards are an essential tool because fraudsters use scooping to carry out certain types of identity fraud. This isn't just a matter of robocalls, but also a matter of identity theft.
As for the other tool, I think that the rules for identifying customers should be strengthened. Right now, a social insurance number, a driver's licence or a health insurance card is enough to open a bank account or a telephone account. These pieces of identification are outdated. We must start looking at the issue of digital identity and biometric identity.
Several countries have already transitioned to these higher levels of identification. To protect Canadians, we must consider whether some form of more advanced biometric identification should be required to open accounts.
View Ali Ehsassi Profile
Lib. (ON)
View Ali Ehsassi Profile
2020-05-20 16:25
Thank you.
Given all the advisory work you do and the counsel you provide to various organizations on a general basis, would it be fair to say that the guidance you are providing essentially establishes the standard of care from a legal standpoint as to whether organizations are actually adhering to best practices and insulating themselves from losses?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 16:26
Well, I'm an engineer and not a lawyer, so I'm not sure that I'm qualified to demonstrate the standard of care.
One of the things we have worked on with our colleagues in Innovation, Science and Economic Development is the cybersecure Canada program to provide baseline cybersecurity controls to help small and medium-sized organizations do things that are actually within reach. I think one of the failings of the commercial cybersecurity industry is that we talk about things that a multi-million dollar or a billion-dollar company can afford. We need things that Canadian small businesses can afford, and that's what this is really trying to achieve.
View Brian Masse Profile
NDP (ON)
View Brian Masse Profile
2020-05-20 16:29
Thank you, Madam Chair.
My question is for Mr. Slinn from the RCMP.
We have had cases in the past in which someone has paid out a ransom for a cyber-attack and loss of privacy. A good example is the University of Calgary. Under Canadian law, is there any obligation for a company or an institution to even acknowledge that they've paid out a ransom for a cyber-attack, or is that something that doesn't have to be disclosed?
Eric Slinn
View Eric Slinn Profile
Eric Slinn
2020-05-20 16:30
That's a good question. I'm not 100% sure on that. I do know that a lot of private companies are reticent to report a cyber-attack on their business, for obvious reasons. It may affect people's confidence in that business and the data that they hold. I don't know, to be candid, if there is a legal obligation for them to report that they paid a ransom. My initial thought is no, but I'm happy to see if I can find that answer for you.
View Brian Masse Profile
NDP (ON)
View Brian Masse Profile
2020-05-20 16:30
Maybe you can work with our researchers on it as well. They do some really good work for us.
I'd be interested to know that. That eventually did go public. It goes to what Mr. Marchand was saying with regard to not even having to report certain breaches.
Then you have cybercrime. With regard to ransom, do you know if there has been an increase? Is there a database created? I've found over the years that I only hear about these cases. I wonder if the RCMP has a log of those who have complied or voluntarily said they paid a ransom, and whether any of that—Mr. Jones might have a comment on this too—comes from state governments that are involved in some type of cyber-attack and attempts at ransom.
Results: 91 - 105 of 139 | Page: 7 of 10

|<
<
1
2
3
4
5
6
7
8
9
10
>
>|
Export As: XML CSV RSS

For more data options, please see Open Data