A member of the think tank told a parliamentary committee this week that Ottawa should deploy a variety of strategies, including tax breaks, to encourage small businesses to take cyber security more seriously.
“I think the government should encourage companies to adopt the latest security measures, such as the cyber security standards established by ISED (Innovation, Science and Economic Development) and the CSE (Canadian Security Establishment, the country’s electronic spy agency that oversees the federal IT also protects the network) ) for small and medium organizations,” Aaron ShullManaging Director & General Counsel International Governance Innovation Center (CIGI) told the House of Commons Defense Committee.
the standard they mentioned cyber secure canada, a program for small and medium-sized firms. Companies that meet certain criteria and pass a security audit can tell customers and partners that they have met the certification standard.
Launched in 2019, the program has not been widely adopted. One year after the program was announced, IT World Canada It was found that only three firms were certified.
“The standard provides a high level of security,” Schul told the committee, “but its acceptance — and this is the problem — is limited.” One way forward would be to implement a tax benefit system as an incentive to help raise the overall level of cyber security in the country and reduce the risk of cyber attacks on businesses.
Second, the federal government should establish a clear and concise legal framework for how the private sector can deal with cyberattacks, including allowing companies to strike back at attackers for accusations, response and liability for attackers. But, he said, the framework must also be “nimble and respond to a rapidly changing environment. And regulations must be driven by “sound policy” and not politics. He said the cabinet should act as an integrated compliance program. lay down standards, codes of practice and certification programs for
Third, Shull said, Ottawa should convene an annual cyber security conference for a wide range of stakeholders — companies, the IT industry, provincial, territorial and municipal governments, academia, Indigenous communities, non-profits — more about cyber security Exercises to know and tabletop. Not all sessions will be open to the general public.
One model, he said, is a “cyber security dialogue” that CIGI will hold in June in Waterloo, Ontario, where it is headquartered.
“In my view, cyber security is a whole-of-society concern for Canada,” Shull explained, “and everyone should be doing more to address this issue.”
In an interview, Schul noted that the CyberSecure Canada program has been put forward by the Standards Council of Canada and Digital Governance Council (formerly the CIO Strategy Council of Canada). “If you’re a small and medium-sized enterprise, you’ll probably be fine” to face attacks from unsophisticated threat actors, he said. He said it is “relatively rare” for nation-state actors to go after SMEs here.
But the federal government needs to provide incentives for the private sector to act, Schul said. “We always wait for the ‘oops’ moment before doing something.”
He’s not sure how much tax incentive Ottawa should provide, other than to “make it big enough that people will actually do it.”
But he added, the economic benefits of costing companies less to recover from cyberattacks should increase government revenue and spur innovation.