Canada ranks fifth out of 20 countries in preparedness and response to cyber security threats, according to a benchmark created by an academic journal and a security vendor.
Cyber Defense IndexProduced by MIT Technology Review Insights and Sponsored by code 42Gave Canada an average score of 6.94, behind the United States (7.13) and ahead of Poland (6.91).
The leader was Australia (7.83), followed by the Netherlands, South Korea and the US. The UK, France, Japan and Switzerland rounded out the top 10. Brazil, Turkey and Indonesia were in last place.
The difference between first place Australia and third place South Korea was only 0.42 points.
The subjective scoring rated nations on how well institutions have adopted technology and digital practices to be resilient against cyber attacks, and how well their policy frameworks promote cyber secure digital transactions.
The scoring system combined primary survey data – such as the United Nations’ Global Cyber Security Index – and interviews with what the researchers called “in-depth secondary research and analysis” (secondary information, for example, from national policy and regulatory data). goes. Global cyber security professional, technology developer, analyst and policy maker.
This research was done between April and September.
However, reported data breaches were not counted in the scoring. In September, number one Australia suffered a hack of Optus, the country’s second largest mobile provider. This month, a ransomware gang suspected to be from Russia copied the data of 10 million customers of Medibank, an Australian healthcare provider.
The report states that Australia’s first-place score “reflects its efforts to make robust digital infrastructure widely available.” “The Australian government is implementing digital tools and regulatory framework to protect personal data and digital transactions. It committed to radical changes to cyber security laws, pledging to end previous roadmap. Recent hack of Optus After the public solicitation increased.
While scoring rated countries based on the perceived robustness and relative security of their critical infrastructure, it also considered their cyber security commitments, data privacy laws and other factors.
For example, the report says that Germany was ranked 13th because of its low adoption among small- to medium-sized enterprises (SMEs), its slow digital service delivery, and its lack of e-commerce. Participation score. IT genius.
Another factor considered was the willingness of governments to use artificial intelligence to provide public services.
The rating was divided into four categories, which were weighted to arrive at each country’s final score: Critical Infrastructure (30 percent of the score), Cyber Security Resources (35 percent), Organizational Capability (20 percent) and Policy commitment (15). Percent).
Canada scored 6.45 on critical infrastructure, 7.12 on cyber security resources, 7.29 on organizational capability and 7.04 on policy commitment.
The US scored 7.49 on critical infrastructure, 7.9 on cyber security resources, 6.0 on organizational capability and 6.14 on policy commitment.
Canada does not rank in the top five countries in critical infrastructure or cyber security resources. It was ranked third in organizational capability and fourth in policy commitment. Position in this category may have reflected the federal government. proposed cyber security lawdemands Rogers Communications After a Massive Network OutageAnd Proposed update to private sector privacy law,
The report noted that many of the world’s efforts to strengthen critical infrastructure are focused on creating a secure and tamper-proof digital identity. “This proved difficult even in the most advanced economies,” it added. For example, it states that while Canada Pan-Canadian Trust Framework To promote the creation of digital IDs in 2020, the Digital ID and Authentication Council of Canada (DIACC) has not been able to develop a national digital identity system, and most provincial governments are still only
Related Content: Canadian Privacy Commissioner on Digital ID
The report states that despite growing cyber security awareness and knowledge, there is a gap between maintaining rigorous operational discipline and being truly secure. “The future of cyberdefense depends on the collective capabilities of its organizations and institutions
To continually assess new data,” it says.
“Complete data – including information about the systems involved in the cyberattack, the frequency of attacks, the attackers, any errors, damages and expected damages, and other sophisticated data including the actions taken by companies – to create a new, secure and resilient It is necessary for operational discipline,” the report says.
However, it adds, some companies – such as banks – will not disclose even basic data for fear of legal liability issues.