In May 2016, Opportunities NB (ONB) launched Canada’s first comprehensive cybersecurity strategy – CyberNB, under the direction of Allen Dillon. In less than a year, CyberNB will deliver a Canadianized version of Cyber Essentials for small and medium enterprises.
This is yet another step towards solidifying New Brunswick as the Canadian epicentre in mitigating global cyber risks and threats. Via CyberNB, New Brunswick is executing a deliberate action plan to build upon our world-class industry cluster and enhance workforce development, education, and cybersecurity research through our five comprehensive components.
One of the significant issues for CyberNB is the increase in attacks on small and medium-sized enterprises (SMEs). With approximately 77% of global cybercrime targeted at SMEs, including Canadian businesses, Cyber Essentials can help businesses identify key areas that need to be addressed, as well as monitor changes on-going in the business.
Cyber Essentials focuses on Internet-originated attacks against an organization’s IT systems.
Cyber Essentials concentrates on five key controls:
- Boundary firewalls and Internet gateways – devices designed to prevent unauthorized access to or from private networks, but good setup of these devices either in hardware or software form is important for them to be fully effective.
- Secure configuration – ensuring that systems are configured in the most secure way for the needs of the organization.
- Access control – ensuring only those who should have access to systems to have access and at the appropriate level.
- Malware protection – ensuring that virus and malware protection is installed and is up-to-date.
- Patch management – ensuring the latest supported version of applications is used and all necessary patches supplied by the vendor have been applied.
Small and medium-sized enterprises often forgo ISO 27001 due to cost and time. The Cyber Highway, through Cyber Essentials, offers a cost-effective approach for SMEs to assess their organization and take steps to mitigate cyber risk. The Cyber Highway has been designed for non-technical resources to input, monitor, and asses their progress and risk. This user-friendly tool is cost-effective and its visuals clearly indicate your success or areas of improvement.
Organizations can take the steps necessary to obtain certification by going through The Cyber Highway. Certification further validates that your organization has and is taking the steps necessary to protect your data, your client’s data, your employees and your overall supply chain.
The CE Basic Compliance Program requires organizations to successfully answer a list of questions which are then audited by a third party before certification is awarded. This audit is conducted by a Certifying Body which has been approved by the Canadian Accreditation Body and is intended to verify that the information provided is correct and actions are provable.
The CE Plus (CE+) Program includes basic CE compliance, together with a requirement for businesses to have a third party carry out a successful vulnerability assessment and penetration test before certification can be awarded.
With this announcement, CyberNB will be Canadianizing Cyber Essentials and be ready to roll-out to Canadian businesses this spring.
Written by Heather MacLean