IGF 2023 Lightning Talk #81 Canadian data, global lessons: Here's what we can do to improve cybersecurity

Time
Wednesday, 11th October, 2023 (00:10 UTC) - Wednesday, 11th October, 2023 (00:40 UTC)
Room
SC – Room H
Subtheme

Cybersecurity, Cybercrime & Online Safety
Cyberattacks, Cyberconflicts and International Security
New Technologies and Risks to Online Security

Byron Holland (CEO & President), Canadian Internet Registration Authority (CIRA), technical community, North America 

Charles Noir (VP, Community Investment, Policy & Advocacy), CIRA, technical community, North America 

Speakers

Byron Holland 

Onsite Moderator

Charles Noir

Rapporteur

Sabrina Wilkinson

SDGs

9. Industry, Innovation and Infrastructure

Targets: The promotion and implementation of robust cybersecurity practices by international organizations and bodies, national governments, businesses, and users is integral to a safe and secure global internet. While a safe and secure global internet plays a role in all 17 of the Sustainable Development Goals (SDG), it is especially relevant to SDG (9) Industry, Innovation and Infrastructure: Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation. Resilient internet infrastructure is necessarily protected from cyber threats.

Format

In this lightning talk, Byron (presenter) will dive into data from the Canadian cyber threat landscape, highlight their global and cross-border relevance, and talk about what we can all do to combat cyber threats (20 minutes). Using engagement tools, Charles (onsite moderator) will moderate a discussion between Byron and participants (10 minutes).

Duration (minutes)
30
Language
English
Description

From malware to phishing, users, organizations, and critical infrastructure alike are facing new and sophisticated cyber threats. Research published by the Canadian Internet Registration Authority (CIRA) and data from CIRA’s commercial and free-to-user cybersecurity offerings show just how often these groups are targeted—and what type of threats they're facing. 

Delivered by CIRA CEO and President Byron Holland and moderated by VP Charles Noir, this 30-minute lightning talk will dive into these and other threat trends we’re seeing in Canada. But the threats we’re seeing aren’t bound by Canada’s borders. Byron will also talk about what the Canadian threat landscape can tell us about cybersecurity as a global and cross-border challenge.

Keeping with the IGF 2023 theme “The Internet We Want – Empowering All People”, Byron will close by leading a discussion on how governments, organizations, and users can take steps to combat cyber attacks. Ranging from national legislation to individual users’ password hygiene, robust cybersecurity is a layered exercise. And we all play a role. 

 

Additional resources

1. 2023 CIRA Cybersecurity Survey

2. 2023 Canada’s Internet Factbook 

3. CIRA’s commercial cybersecurity offering, DNS Firewall

4. CIRA’s free-to-user cybersecurity offering, Canadian Shield

Key Takeaways (* deadline 2 hours after session)

There’s a concerning mismatch between the real cyber threats users face online and whether they’re taking steps to mitigate and counter this behaviour.

The increasingly connected nature of operational technology, and the long technology lifecycle of critical infrastructure, introduces new ways for attackers to access and disrupt the systems we rely on. By leveraging automation and artificial intelligence tools, cyber criminals can exploit these vulnerabilities and evolve their tactics faster than major infrastructure upgrades.

Call to Action (* deadline 2 hours after session)

Citizens should protect themselves from most cyber threats by practicing good cyber hygiene—for example, updating software, not clicking on links in suspect emails, running a Firewall, and more.

Jurisdictions should legislate to establish a baseline level of cybersecurity in critical infrastructure sectors; however, alongside other safeguards, there needs to be strong oversight frameworks to ensure these powers are used appropriately.

Session Report (* deadline 26 October) - click on the ? symbol for instructions

At IGF2023 in Kyoto, Byron Holland (President & CEO, Canadian Internet Registration Authority) delivered the lightning talk “Canadian data, global insights: What we can do to improve cybersecurity” to an in-person audience. The lightning talk was moderated by Charles Noir (Vice-President Community Investment, Policy & Advocacy, CIRA). Audience members were geographically diverse, including members living in Australia, Saudia Arabia, and the European Union.

Below are select key insights from the session, including from the delivered comments and audience contributions:

  • CIRA offers a unique perspective as the organization behind the .CA domain, used by 3.3 million Canadians, and a provider of a variety of DNS, cybersecurity, and registry services. CIRA also publishes a range of research reports focused on how organizations and users perceive and respond to cyber threats.

 

  • Insights from CIRA’s published research show that, up from 66% in 2022, 75% of Canadians are concerned about malware when using the internet. At the same time, about a fifth of Canadians say they’ve been the victim of a successful cyberattack. Yet, only about one-third of Canadians report using tools or services to increase their privacy and security online. There’s a real mismatch between the real cyber threats users face online and whether they’re taking steps to mitigate and counter this behaviour.

 

  • When it comes to organizations, CIRA’s published research shows similar trends and patterns, but also some important differences. A good percentage of the Canadian organizations surveyed as part of CIRA’s annual cybersecurity survey are being targeted by bad actors—forty-one per cent had experienced a cyber attack in the last 12 months. 

 

  • CIRA has also observed trends that suggest attacks on organizations are becoming more and more complex. The ‘Simda’ botnet, which uses anti-detection tools to evade discovery, is the number one piece of malware being used against CIRA’s customers.

 

  • At the same time, as many audience members noted, it’s now widely understood that bad actors can and do use cyber to penetrate and disrupt critical infrastructures that underpin most of our economic and social activities. Sectors like health and telecommunications are essential to the everyday lives of citizens making them attractive targets for malicious actors. The stakes for defending critical infrastructure networks couldn’t be higher.

 

  • Audience members agreed that many citizens may feel that they don’t have the skills or tools to protect themselves online. But there was recognition that citizens can protect themselves from most cyber threats by taking a handful of relatively simple actions—for example, updating software, not clicking on links in suspect emails, running a Firewall and more. Audience members were encouraged to promote good cyber hygiene practices.

 

  • Jurisdictions can also legislate to establish a baseline level of cybersecurity in critical infrastructure sectors—there just needs to be strong oversight framework to ensure these powers aren't abused. In Canada, the government is pushing forward Bill C-26, An act respecting cybersecurity, which will introduce new cybersecurity requirements across federally regulated sectors. This kind of legislation will encourage the networks that we all depend on to improve their cybersecurity posture.