The New Cyber-Secure Canada Certification Program

According to the Honourable Ralph Goodale, Canada's Minister of Public Safety and Emergency Preparedness, cybercrime in Canada is responsible for more than $3 billion in economic losses each year.

As more organizations take the initiative to mitigate their own risk by hiring qualified security specialists to perform security assessments, the Government of Canada has created a comprehensive cyber review, augmented by insights gained from experts and key stakeholders in both the private and public sectors.

This past March, the government released its 2019 budget plan, which introduced various measures focused on improving cyber security. These measures build upon previous budgets, which are now heavily focused on the comprehensive National Cyber Security Strategy, totalling close to $1 billion. The strategy is to create an approach that is adaptable to the continuously changing cyber landscape.

Cyber-Secure Canada Certification Program

The federal government finally launched the cybersecurity certification for small and mid-sized businesses (SMBs) in hopes of increasing the attention SMBs pay to cybersecurity, as well as increasing the confidence of online shoppers who buy from Canadian sites.

The CyberSecure Canada program allows organizations to prove to a certification body approved by the Standards Council of Canada that they meet certain minimum standards. Those that pass are entitled to use a logo on websites and promotional material attesting that they have met the standard. They will also be listed in a searchable registry available for consumers and partners.

The program is tailored specifically for SMBs (up to 499 employees) because they have fewer IT resources, and they account for a significant number of data breaches. According to StaySafeOnline.org, which is overseen by Public Safety Canada, 71% of data breaches happen to small businesses.

To achieve certification, an organization has to prove that it is capable of implementing specific security controls. These range from the basics (inventory hardware and software assets; assess potential threats; develop an incident response plan) to the technical (install and securely configure anti-virus/anti-malware software as well as firewalls; change administrative passwords; use multi-factor authentication; have a data backup and encryption policy).

On its website, the government notes that certification does not guarantee complete protection from cyber threats. “However, the processes and best practices learned as you make your way through the certification process will provide business owners, managers and employees with the tools and abilities to improve your level of cyber risk and to better deal with breaches, if they occur.”

The Proactive Approach

The Government of Canada is releasing new strategies to help mitigate the challenges associated with cyber-attacks, but many of these methods are based on a minimum-standards approach. It is important to recognize that this is a great start to increasing security in the Canadian home and business, but much more work needs to be done. Implementing a minimum-standards approach or hiring a cyber security generalist will result in exactly what you pay for: a basic level of security.

In our experience, hiring a qualified expert who specializes in attempting to bypass defenses is the one true unbiased way to test security. We find many organizations only take an interest in cyber security after they have already been compromised by a phishing campaign or malware infection. We suggest being proactive when it comes to security. Test your network. Evaluate your defenses and build assurance in your security program. Schedule your penetration test today.