Language selection

Search


Sign in

Sign in

Level Up Your Cyber Security Skills: Stay Ahead of Evolving Threats!

Security07-06-2023

In today's digital age, cyber security is essential in nearly all aspects of life. People spend much of their lives online: they do their banking, access government services, work, store pictures and videos, connect with family and friends, and purchase goods. It’s no secret that the internet has brought a significant amount of opportunities, but it has also produced new threats that can compromise our privacy and security.

Cyber security breaches can have critical consequences for organizations, including identity theft, financial losses, data theft, damage to national security, reputational damage, and legal liability, to name only a few. It is up to organizations to ensure their employees are equipped with the knowledge and skills to identify and mitigate these threats. With the right knowledge and habits, public servants can become a crucial line of defence against cyber attacks.

Over the last two years, cyber security has become a top concern for Canadians. Ransomware incidents hit the headlines on an almost daily basis both in Canada and around the world. Our essential services are being disrupted, from hospitals and schools to municipalities and utility providers. Our personal and financial data are being stolen, traded, or leaked online. – The Honourable Anita Anand, Minister of National Defence

Why is cyber security knowledge and readiness important?

An office worker in front of a laptop, looking worried, taking off their glasses and putting one hand over their face.

Organizations can protect themselves through IT security, encryption of networks, virtual private networks, by securing devices and training employees. However, even the most robust security systems are vulnerable to human error. In fact, according to the Verizon Data Breach report, in 2022, 82% of breaches involved human error.

100 icons of broken locks to represent the breaches. 82 of the 100 locks have a person icon to representbreaches involving human error. Next to the locks, the text reads “82% of breaches involved the human element.”

Despite the increasing sophistication of cyber attacks, it’s often humans mistake that leaves an organization vulnerable. Common examples of human error include weak passwords, falling for phishing scams, and the unintentional disclosure of sensitive information. In some cases, employees may even unwittingly download malware or other harmful software onto their computers, generating a backdoor for hackers to explore. Cyber security concerns everyone.

Text that reads “Cyber security training: do you need it?” Two checkboxes underneath with the words “Yes” and “No.” The “Yes” box is checked.

Four reasons why cyber security knowledge is foundational to all employees

Definition of terms

Malware: Malicious software designed to infiltrate or damage a computer system, without the owner's consent. Common forms of malware include computer viruses, worms, Trojans, spyware, and adware.

Phishing: An attempt by a third party to solicit confidential information from an individual, group, or organization by mimicking or spoofing a specific, usually well-known brand, usually for financial gain. Phishers attempt to trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information, which they may then use to commit fraudulent acts.

Ransomware: A type of malware that denies a user's access to a system or data until a sum of money is paid.

Social engineering: The practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or internet to trick people into revealing sensitive information. For example, phishing is a type of social engineering.

Distributed denial-of-service (DDoS): An attack in which multiple compromised systems are used to attack a single target. The flood of incoming messages to the target system forces it to shut down and denies service to legitimate users.

Zero-day exploits: A zero-day vulnerability is a software vulnerability that is not yet known by the vendor, and therefore has not been mitigated. A zero-day exploit is an attack directed at a zero-day vulnerability.

  • Protect sensitive data, Canada, and its people: Organizations have access to sensitive data, such as people’s personal information (for example, their date of birth, financial data, address, phone number, and email address) as well as sensitive government information. Strong cyber security habits help employees know how to safeguard data through their informed behaviour, thereby decreasing the risks of data breaches. It will allow employees to understand and recognize the various risks associated with handling data. Additionally, it can help safeguard critical infrastructure, such as energy grids, transportation systems, and the healthcare system, which are essential to the well-being and security of people in Canada.
  • Reduce the risk of cyber attacks: With cyber actors becoming more effective and hackers constantly seeking new vulnerabilities, cyber security skills are vital to protect Canada's government and its people. Providing cyber security training will help staff protect the organization’s security infrastructure from threats, recognize possible vulnerabilities (or risks), and take measures to prevent cyber attacks. To ensure it is a comprehensive learning process, it should include education on malware, phishing scams, ransomware, social engineering, distributed denial-of-service (DDoS), and zero-day exploits. When an employee learns how to identify the tactics used by hackers to infiltrate networks and knows to report them, it means that systems are less likely of being attacked and that people in Canada are less likely to be victims of malicious activity.
  • Build a culture of security awareness: Cyber security is everyone’s responsibility, not just the IT department. Broad awareness of cyber threats and the skills to prevent them will actively support changing mindsets and behaviours and will instill a common culture of security. Employees will be aware of existing risks and will be proactive about identifying and reporting potential threats. They will take the necessary measures to protect and defend themselves, their teammates, and the organization from cyber attacks.
  • People will keep making the same mistakes if they don’t know what they don’t know: Without solid cyber security foundations, employees will keep making the same mistakes, (for example, clicking on nefarious links) because they are unaware of the security consequences. This can threaten the confidentiality, integrity, and availability of the organization’s assets. Employers need to help employees recognize the signs of a cyber attack, such as phishing scams and social engineering tactics, and empower them to take proactive steps to prevent a breach.

Having a whole-of-organization approach to cyber security practices and informed technology habits decreases the risks to network security, data protection, and the continuity of operations and services. It also ensures everyone, everywhere is on the same page and has a basic level of proficiency on the subject. The need for knowledge in cyber security will only continue to increase.

You can take steps to learn how to protect yourself online and protect sensitive information. Start by taking some of the following courses.

Autres ressources


Aicha-Hanna Agrane

Aicha-Hanna Agrane

Policy analyst with an expertise in global affairs, cybersecurity, and countering disinformation. | Analyste politique spécialisée en affaires internationales, cybersécurité et contre-désinformation.

Canada

Recommended for you

Topic: Working with AI Series

Working with Artificial Intelligence Series: The Trust Factor in Generative AI

We’ll increasingly see AI integrated into day-to-day tools, with the promise of boosting efficiency and productivity. However, successful implementation of these tools depends on two important factors: reliability and trustworthiness.

15 days ago21 min read

Topic: Design

Clicks and Tips: Maximizing Your Productivity

This article explores practical approaches and powerful shortcuts, shedding light on how to leverage Windows shortcuts, enhance OneNote proficiency, and implement strategies for seamless workflow in the modern workplace.

a month ago6 min read

Topic: Security

Cyber Security in the Public Service

You are the epicentre of a network of private companies that collect, store, and use your data in different ways. Each service or company operates under its own terms, privacy policies and security risks.

2 months ago6 min read